Certificate of Cloud Auditing Knowledge (CCAK) — Question 11
What is the advantage of using dynamic application security testing (DAST) over static application security testing (SAST) methodology?
Answer options
- A. Unlike SAST, DAST is a black-box method and is programming-language agnostic.
- B. DAST can dynamically integrate with most CI/CD tools.
- C. DAST delivers more false positives than SAST.
- D. DAST is slower but thorough.
Correct answer: D
Explanation
The correct answer is D because DAST, while slower, provides a more thorough assessment of an application in its running state, which is essential for identifying runtime vulnerabilities. Options A and B are true statements about DAST but do not directly address its advantage over SAST. Option C is incorrect because DAST typically produces fewer false positives than SAST.