CompTIA SecurityX (CAS-005) — Question 172
During DAST scanning, applications are consistently reporting code defects in open-source libraries that were used to build web applications. Most of the code defects are from using libraries with known vulnerabilities. The code defects are causing product deployment delays. Which of the following is the best way to uncover these issues earlier in the life cycle?
Answer options
- A. Directing application logs to the SIEM for continuous monitoring
- B. Modifying the WAF policies to block against known vulnerabilities
- C. Completing an IAST scan against the web application
- D. Using a software dependency management solution
Correct answer: D
Explanation
Using a software dependency management solution allows teams to inventory the open-source libraries their applications pull in and to check those libraries against known-vulnerability data at build time, so vulnerable versions are flagged before the application reaches DAST scanning or deployment. The other options either monitor the running application (SIEM, IAST) or block exploitation after the vulnerable library is already deployed (WAF), rather than proactively managing the dependencies that introduce the risk.