Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
A.
Executive summary of the penetration-testing methods used
B.
Bill of materials including supplies, subcontracts, and costs incurred during assessment
C.
Quantitative impact assessments given a successful software compromise
D.
Code context for instances of unsafe type-casting operations
Code context for instances of unsafe type-casting operations would most likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience, as it would provide relevant and actionable information for the developers to fix the vulnerabilities. Type-casting is the process of converting one data type to another, such as an integer to a string. Unsafe type-casting can lead to errors, crashes, or security issues, such as buffer overflows or code injection.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit