Your team has deployed a new web application to a staging environment. As a security specialist, you are tasked with identifying vulnerabilities by interacting with the application as a user would, sending various types of data to see how it responds. Which testing technique does this scenario describe?
Web application firewall (WAF) log review, which looks for evidence of past malicious activity.
Static analysis, which involves reviewing an application's source code for vulnerabilities before it is compiled or run.
Configuration compliance scanning, which checks that the host server meets secure baseline standards.
Dynamic analysis, which involves testing an application during its operation to find flaws that are only discoverable at runtime.
This scenario describes dynamic analysis, also known as Dynamic Application Security Testing (DAST). This method involves testing an application while it is running to find vulnerabilities that only appear during operation. It assesses the application from the 'outside-in,' mimicking how an attacker would interact with it. Static analysis reviews the raw code without running it, configuration scanning validates the security of the underlying server, and log review is a reactive process of reviewing past events.