Certified Cloud Security Professional (CCSP) — Question 404

What does static application security testing (SAST) offer as a tool to the testers that makes it unique compared to other common security testing methodologies?

Answer options

• A. Live testing
• B. Source code access
• C. Production system scanning
• D. Injection attempts

Correct answer: B

Explanation

The correct answer is B, as SAST allows testers to analyze the source code without executing the program, which is not a feature provided by other security testing methods. Options A, C, and D refer to dynamic testing approaches or techniques that do not involve source code review.