Exam CS0-003 topic 1 question 183 discussion

DAST tools typically do not assist in identifying and resolving runtime errors within the code. Instead, they focus on testing the application's behavior from the outside, by interacting with its interfaces and observing how it responds to various inputs.

I could not understand the question at all.

Its BD becuase DAST finds runtime errors, which have already occured, now you need to review the source code SAST and debug to fix it.

A. Performing dynamic application security testing is about testing the application in its running state, which is directly related to runtime errors. Since the question hints at runtime issues, DAST is a strong contender because it involves simulating attacks while the application is live, potentially uncovering vulnerabilities that occur during execution. B. Reviewing the code is typically more about identifying potential issues at the static code level, which is less directly related to runtime errors. While code review is important, it might not immediately address issues that only manifest when the code is running. Given this, the focus on runtime errors and the mention of a command-line interface for vulnerability checks makes A more relevant in this specific case. So, prioritizing A over B in this scenario is a reasonable approach because the question seems to be steering towards a dynamic testing environment.

Dynamic Application Security Testing (DAST) tools typically do not assist in identifying and resolving runtime errors within the code at a granular level. Instead, they focus on testing the application externally by interacting with its interfaces (like HTTP requests and responses for web applications) to identify vulnerabilities that can be exploited from the outside. DAST tools are more about assessing the security posture of an application as it runs, rather than directly debugging or diagnosing internal runtime errors in the code. Therefore most appropriate actions for developers to correct runtime errors would be: D. Debugging the code (Most Voted): This is essential for directly addressing and fixing runtime errors. B. Reviewing the code (Most Voted): Code reviews can help identify logical errors and potential vulnerabilities that might cause runtime issues.

The issue is to correct the "runtime errors" in order to enable the developers to correct the issue they have to Review and Debug the code.

If dynamic testing is not done how can we see errors and fox the code? that is why we need to chose A. We also chose D because we need to debug the code to study the code.

i go with BD.. dynamic application security testing is a valnerability test method to identify valnerabilities..Dynamic application security testing (DAST) is the process of using simulated attacks on a web application to identify vulnerabilities. By attacking an application the same way a malicious user would, this strategy assesses the program through an approach sometimes referred to as “outside in.” After executing the attacks, a DAST scanner studies the results to look for undesired outcomes. This data is then used to identify security flaws. In the question the code errors are seen already...

The answer is clearly B and D, based on the question "runtime errors"

A. Performing dynamic application security testing (DAST) - This approach involves testing an application while it is running to find vulnerabilities that an attacker could exploit. It's specifically designed to find conditions that are indicative of a security issue, such as runtime errors, which could potentially be leveraged for malicious purposes. D. Debugging the code - Debugging involves running the code in a controlled environment, often with the use of a debugger tool that allows the developer to step through the code execution, inspect variables, and understand the state of the application at each point. This can help identify and correct the causes of runtime errors.

The errors are occurring as the code in running, therefore the best techniques to fix them involve looking at the code as its running. Debugging and dynamic analysis tools are the way to do that.