(ISC)2

CCSP Question #557: Real Exam Question with Answer & Explanation

The correct answer is C: Source code access.

Submitted by olafpl · Apr 18, 2026 · Cloud Application Security

Question

What does static application security testing (SAST) offer as a tool to the testers?

Options

  • A. Production system scanning
  • B. Injection attempts
  • C. Source code access
  • D. Live testing

Explanation

SAST is a white-box testing methodology that analyzes an application's source code, bytecode, or binaries without executing the program. Testers (or automated tools) review the actual source code to identify vulnerabilities such as injection flaws, insecure function calls, or hardcoded secrets early in the development lifecycle. This distinguishes SAST from DAST, which tests a live, running application (D) through scanning and probing (A, B) without access to the underlying code.

Topics

#SAST #Application Security Testing #Source Code Analysis #Cloud Application Security
