A security engineer is asked to evaluate a new Android app with an open-source scanning framework that supports both static checks and runtime monitoring. Which method is effective for uncovering coding flaws and data exposure?
Establish a local environment, add the app archive, initiate a code inspection, then enable runtime instrumentation for a more thorough analysis
Submit the source to an online repository where an automated pipeline looks for known vulnerabilities
Rename the application file by changing its extension, uncompress it, and inspect the files with a basic text editor
Conduct a manual inspection by searching for outdated cryptographic methods or references to sensitive libraries in the code
Importing the app package and configuring a local setup for scanning allows both code-level detection and runtime observations. Among the other options, manual review or extracting the code without instrumentation misses important dynamic checks that can reveal hidden flaws. Uploading source code to an external repository provides partial coverage but not a complete static and dynamic approach often required for deeper scans.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is runtime instrumentation in app security testing?
Open an interactive chat with Bash
Why is combining static analysis with runtime monitoring important for app testing?
Open an interactive chat with Bash
What is an open-source scanning framework, and why is it useful?