A software development team is working on an application that will handle sensitive user data. The team has already implemented static application security testing $($SAST$)$ in the early stages of development.

As the application nears deployment, what additional secure testing method should the team consider implementing and why?

answer

Dynamic application security testing $($DAST$)$ because it can test the application after deployment and from the outside.

Interactive application security testing $($IAST$)$ because it can access interpreters and compilers, allowing precise identification of a problematic line of code in runtime.

No additional testing is needed because SAST is sufficient for ensuring the security of the application.

Additional static application security testing $($SAST$)$ because it can identify the exact cause of a coding problem.