Certified Information Systems Security Professional (CISSP) — Question 139
What security technique in the Software Development Life Cycle (SDLC) should be leveraged to BEST ensure secure development throughout a project?
Answer options
- A. Dynamic application security testing (DAST)
- B. Waterfall
- C. Simple Object Access Protocol
- D. Static application security testing (SAST)
Correct answer: D
Explanation
Static application security testing (SAST) is the preferred method because it analyzes source code early in the development process, so vulnerabilities can be identified and remediated before the application is deployed. In contrast, dynamic application security testing (DAST) evaluates a running application and may miss issues present in the code itself. The Waterfall model is a project management approach and does not inherently address security, while Simple Object Access Protocol (SOAP) is a messaging protocol for web services, not a security technique.