A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?
Software Composition Analysis (SCA) is used to analyze dependencies in applications and identify vulnerable open-source libraries.
Option A (VM - Virtual Machine) ❌: A VM is a computing environment, not a vulnerability detection tool.
Option B (IAST - Interactive Application Security Testing) ❌: IAST analyzes runtime behavior, but it does not specialize in detecting vulnerable libraries.
Option C (DAST - Dynamic Application Security Testing) ❌: DAST scans running applications for vulnerabilities, but it does not analyze open-source libraries.
Option D (SCA - Software Composition Analysis) ✅: Correct.