GIAC Security Leadership Certification (GSLC) — Question 46

During which SDLC phase should a DAST tool be deployed to spider the application?

Answer options

• A. Development
• B. Production
• C. Testing
• D. Design

Correct answer: A

Explanation

The correct answer is A, Development, because this is when the application is being built and can be dynamically tested for vulnerabilities using a DAST tool. The other phases, such as Production or Design, do not allow for the same level of interactive testing as Development does, while Testing may not be the right time for initial spidering of the application.