Exam CAS-004
Question 435

A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written. Which of the following methods should the company use?

    Correct Answer: A

    The company should use SAST (Static Application Security Testing). SAST analyzes the source code for vulnerabilities without executing the program, allowing developers to validate their code as it is written. This method aligns with the need for early and accurate security review of the code.

Discussion
ChopSNap
Option: A

The best method for the company to use is A. SAST (Static Application Security Testing). SAST analyzes the source code for vulnerabilities without executing the program. It allows developers to validate their code as it is written, which aligns with the goal of getting the review right the first time.