Certified Cloud Security Professional – CCSP – Question 384

What does static application security testing (SAST) offer as a tool to the testers that makes it unique compared to other common security testing methodologies?

A. Live testing
B. Source code access
C. Production system scanning
D. Injection attempts

Correct Answer: B

Explanation:

Static application security testing (SAST) is conducted against offline systems with previous knowledge of them, including their source code. Live testing is not part of static testing but rather is associated with dynamic testing. Production system scanning is not appropriate because static testing is done against offline systems. Injection attempts are done with many different types of testing and are not unique to one particular type. It is therefore not the best answer to the question.