Compare SAST and DAST. Why use both, and their limits?

Source: circleci.com (difficulty: intermediate)

Tests whether you understand complementary security testing layers in CI/CD. A strong answer contrasts static source analysis without execution against dynamic runtime attack simulation and explains that relying on only one leaves applications vulnerable.

Tests whether you understand how static and dynamic security testing complement each other across the software lifecycle. A strong answer defines SAST as white-box source-code analysis performed without execution to catch early flaws like SQL injection and XXE, defines DAST as simulated attacks on live applications to find runtime vulnerabilities, argues mature teams use both because relying on one leaves exploitable gaps, and notes SAST cannot catch execution-time issues while DAST cannot provide pre-deployment feedback.
