Q: 7
Your company is developing a new Azure App Service web app. You are providing design assistance to verify the security of the web app.
You need to recommend a solution to test the web app for vulnerabilities such as insecure server configurations, cross-site scripting (XSS), and SQL injection. What should you include in the recommendation?
Options
Discussion
Option D, and if anyone wants to dig deeper, the official study guide and practice labs really help clarify these testing types.
I remember a similar question on a practice test, pretty sure it's B.
Official guides and practice tests both mention SAST (B) for catching common flaws. It's good for code-level issues like injection. Not sure if it covers configs fully, but worth reviewing in the study materials. Agree?
Why not A here? IAST sounds tempting since it's interactive, but I think D is what usually catches XSS and config issues.
B isn’t right here, D is. DAST actually tests the running app so it can spot XSS or SQLi while the service is live. SAST won’t catch those runtime issues. Pretty sure D is what’s expected, but let me know if you’ve seen otherwise.
Option D fits, since DAST hits the live app and checks for real vulnerabilities like XSS or SQL injection. Pretty sure similar questions on practice exams picked D, since SAST doesn't catch runtime issues that well. Anyone see this answered differently?
D for sure. DAST actively scans the running app so it finds things like XSS and SQLi, which static analysis (B) would probably miss since it doesn't test in real time. Only thing giving me pause is if IAST (A) would ever be enough, but I think D fits this scenario better.
B
D, but not totally sure. SAST (B) is more code review, but DAST (D) should catch runtime stuff like XSS and config problems. I think D is right for full vulnerability coverage. Let me know if you see it differently.
D tbh, since B (SAST) misses runtime and config stuff like XSS in production. DAST covers those better. Anyone disagree?