CAS-005 · Question #118
CAS-005 Question #118: Real Exam Question with Answer & Explanation
The correct answer is C: IAST.
Question
A company purchased Burp Suite licenses this year for each application security engineer. The engineers have used Burp Suite to identify several issues with the company's SaaS application. In the upcoming year, the Chief Information Security Officer would like to purchase additional tools to protect the SaaS product. Which of the following is the best option?
Options
- A. DAST
- B. SAST
- C. IAST
- D. ZAP
Explanation
- IAST (Interactive Application Security Testing): Combines both dynamic and static testing techniques and is highly suited for securing SaaS applications by providing insights into runtime and code-level issues.
- DAST (Dynamic Application Security Testing): Focuses on runtime vulnerabilities but lacks code-
- SAST (Static Application Security Testing): Analyzes source code but does not address runtime vulnerabilities.
- ZAP (OWASP ZAP) is a DAST tool similar to Burp Suite, providing redundant functionality rather than new protections.