CompTIA PenTest+ (PT0-003) — Question 115
A penetration tester needs to identify all vulnerable input fields on a customer website. Which of the following tools would be best suited to complete this request?
Answer options
- A. DAST
- B. SAST
- C. IAST
- D. SCA
Correct answer: A
Explanation
DAST, or Dynamic Application Security Testing, is designed to identify vulnerabilities in running applications, making it ideal for finding insecure input fields. In contrast, SAST (Static Application Security Testing) analyzes source code for vulnerabilities, IAST (Interactive Application Security Testing) combines both static and dynamic testing, and SCA (Software Composition Analysis) focuses on vulnerabilities in open-source components. None of these three is specifically aimed at identifying input field vulnerabilities on a live website.