ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During a CI/CD pipeline, developers execute automated functional tests against a containerized REST service. They want a vulnerability scanner that watches live HTTP traffic and instruments the code to correlate requests with exact lines where flaws occur, avoiding offline source scans. Which automated technique fulfills these needs?

Dynamic application security testing (DAST)
Static application security testing (SAST)
Runtime application self-protection (RASP)
Interactive application security testing (IAST)

Report Issue

Answer Description

Interactive application security testing (IAST) inserts an agent or instrumentation inside the running application and monitors real HTTP requests generated by functional or integration tests. Because the agent can observe both the request data and the internal execution flow, it can map a vulnerability to the specific file, method, and line of code in real time. Dynamic application security testing (DAST) is limited to observing external behavior and lacks code-level context. Static application security testing (SAST) analyzes source or byte code at rest rather than during execution. Runtime application self-protection (RASP) focuses on blocking attacks in production rather than systematically cataloging vulnerabilities during testing. Therefore, IAST best satisfies the stated requirements.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

What is the key advantage of Interactive Application Security Testing (IAST) over Dynamic Application Security Testing (DAST)?

Open an interactive chat with Bash

How does IAST differ from Static Application Security Testing (SAST)?

Open an interactive chat with Bash

What type of testing is Runtime Application Self-Protection (RASP) designed for, and why doesn’t it fit in CI/CD pipelines?

Open an interactive chat with Bash

How does Interactive Application Security Testing (IAST) work in real-time?

Open an interactive chat with Bash

How is IAST different from Dynamic Application Security Testing (DAST)?

Open an interactive chat with Bash

How does IAST compare to Static Application Security Testing (SAST)?

Open an interactive chat with Bash

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)

Secure Software Testing

Your Score:

Settings & Objectives

Secure Software Concepts

Secure Software Lifecycle Management

Secure Software Requirements

Secure Software Architecture and Design

Secure Software Implementation

Secure Software Testing

Secure Software Deployment, Operations, Maintenance

Secure Software Supply Chain

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot

AI Bot