CSSLP Question #400: Real Exam Question with Answer & Explanation
The correct answer is B: Dynamic code analysis.
Question
Which techniques are commonly used to perform code analysis during software development and testing? (Choose 2)
Options
- A. Dependency vulnerability scanning
- B. Dynamic code analysis
- C. Peer walkthrough review
- D. Static code analysis
Explanation
Static code analysis (SCA) examines source code without executing it, while dynamic code analysis (DCA), also called Dynamic Application Security Testing (DAST), examines the application while it runs. Together they are the two primary code analysis techniques used during development and testing.
Common mistakes.
- A. Dependency vulnerability scanning is a specific type of static analysis that focuses on known vulnerabilities in third-party libraries and components, rather than a broad code analysis technique itself.
- C. A peer walkthrough review is a manual inspection process in which developers collaboratively examine code for errors and quality; it is not an automated code analysis technique in the same sense as static or dynamic analysis.
Concept tested. Static and dynamic code analysis
Reference. https://owasp.org/www-project-static-analysis-security-testing-guide/latest/