6 Questions
What type of analysis should be done on every code commit to check for secrets and passwords?
Dependency Analysis
What type of scanning is used to test for known application vectors?
Dynamic Application Security Testing (DAST)
What type of testing is used to test for known application vectors?
Dynamic Application Security Testing
What type of scanning is used to scan on every merge request?
Infrastructure as Code Scanning
Which database is used to identify previously known vulnerabilities?
National Vulnerability Database
Study Notes
- Vulnerability scanners rely on well-known databases, such as the National Vulnerability Database (NVD), to identify previously known vulnerabilities.
- Source code analysis occurs on every code commit and should check for secrets and passwords that were placed in the repository by mistake.
- Dependency analysis occurs on every code commit, and your application’s dependencies are collated and checked against a database of known vulnerabilities.
- Dynamic Application Security Testing (DAST) is used to test for known application vectors, and Infrastructure as Code Scanning is used to scan on every merge request.
Learn about different security testing methods used in software development, such as vulnerability scanning, source code analysis, dependency analysis, and dynamic application security testing (DAST). Understand how these methods help identify and mitigate security risks in applications.