Certificate of Cloud Security Knowledge (CCSK) — Question 18

Which type of application security testing involves manual activity that is not necessarily integrated into automated testing?

Answer options

• A. Code Review
• B. Static Application Security Testing (SAST)
• C. Unit Testing
• D. Functional Testing
• E. Dynamic Application Security Testing (DAST)

Correct answer: A

Explanation

The correct answer is A, Code Review, as it involves manual examination of the code for security vulnerabilities without relying on automated tools. In contrast, Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) are typically automated processes, while Unit Testing and Functional Testing focus on functionality rather than security.