Module 9: Static and Dynamic Application Security Testing (SAST & DAST)
What is a limitation of DAST compared to SAST?
Response:
A. DAST can only test static parts of the application
B. DAST cannot identify vulnerabilities in the source code not executed during the test
C. DAST is more effective at finding vulnerabilities in non-web applications
D. DAST replaces all other testing methods
Why is it important to integrate SAST in the early stages of development?
Response:
A. To increase the time it takes to detect vulnerabilities
B. To detect vulnerabilities early and reduce the cost of fixing them
C. SAST is less effective in the early stages
D. To focus only on final testing stages
How can combining SAST and DAST improve application security?
Response:
A. By focusing only on post-deployment testing
B. It creates redundancies that increase vulnerability
C. By providing a comprehensive view of both static code vulnerabilities and runtime issues
D. Combining these tests is discouraged in modern development practices
What advantage does DAST provide when testing web applications?
Response:
A. It only identifies surface-level vulnerabilities
B. It can identify runtime vulnerabilities that SAST might miss
C. DAST replaces the need for penetration testing
D. It is less comprehensive than manual testing
Which of the following is a security activity rather than a functional activity in the SDLC?
Response:
A. Defining business requirements
B. Conducting a code review for security vulnerabilities
C. Developing the application's user interface
D. Testing the application's performance under load