Question 19
Domain 3: Infrastructure, Network, and Workload Security
Which security testing method involves examining source code to identify vulnerabilities without executing the application?
Correct answer: B
Explanation
Static Application Security Testing (SAST) analyzes an application's source code, bytecode, or binaries without running it. It is used to identify vulnerabilities "without executing the application," which distinguishes it from dynamic testing methods that require the program to run.
Why each option is right or wrong
A. Dynamic Application Security Testing (DAST)
B. Static Application Security Testing (SAST)
Static Application Security Testing (SAST) is the method used to inspect source code, bytecode, or binaries in a non-running state, so it fits a question asking for analysis of vulnerabilities without executing the program. By contrast, dynamic testing methods such as DAST require the application to be running and interact with it at runtime, which is not what is described here.
C. Penetration testing
D. Load testing