DevSecOps Interview Question Flashcards

1
Q

What tools do you use for SAST?

A

Fortify or Checkmarx SAST
SonarQube
Snyk (Snyk Code)

2
Q

What are SAST tools?

A

Static Application Security Testing (SAST) tools analyze an application's source code, bytecode or binaries for vulnerabilities without running it, so they can be placed early in the pipeline (IDE, pre-commit, CI build). Because they do not execute the code, they cannot see runtime configuration and tend to produce false positives that need triage.
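To make the "analyzes code without running it" point concrete, here is an added example (not from the flashcards or from any of the products named above) of a toy SAST rule set written against Python's own ast module. The scanned code is a constructed sample embedded as a string; the three rules (dangerous eval/exec, subprocess with shell=True, SQL text assembled at runtime before execute) are simplified versions of what commercial engines implement with full data-flow tracking.

```python
"""Toy SAST check: parses Python source into an AST and inspects it.
Nothing in the scanned code is ever executed."""
import ast

# Constructed sample of code under review (not from any real project). It
# deliberately contains three findings and one safe call.
SAMPLE_SOURCE = '''
import subprocess

def run(cmd):
    subprocess.call(cmd, shell=True)

def lookup(conn, user):
    conn.execute("SELECT * FROM users WHERE name = '" + user + "'")

def calc(expr):
    return eval(expr)

def safe(conn, user):
    conn.execute("SELECT * FROM users WHERE name = ?", (user,))
'''

DANGEROUS_CALLS = {"eval", "exec"}


def _call_name(node):
    """Dotted name of a Call's target ('subprocess.call', 'eval'), or None."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    parts = []
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts)) if parts else None


def _built_at_runtime(expr):
    """True if a string is assembled at runtime: concatenation, f-string,
    or str.format(). A real engine would also follow variables (data flow)."""
    if isinstance(expr, (ast.BinOp, ast.JoinedStr)):
        return True
    return isinstance(expr, ast.Call) and (_call_name(expr) or "").endswith("format")


def scan(source):
    """Return sorted (line, rule, callee) findings for one Python file."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name is None:
            continue
        if name in DANGEROUS_CALLS:
            findings.append((node.lineno, "dangerous-call", name))
        if name.startswith("subprocess."):
            if any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                   and kw.value.value is True for kw in node.keywords):
                findings.append((node.lineno, "shell-true", name))
        if name.endswith(".execute") and node.args and _built_at_runtime(node.args[0]):
            findings.append((node.lineno, "sql-string-built", name))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule, callee in scan(SAMPLE_SOURCE):
        print(f"line {line}: {rule} ({callee})")
```

The parameterized query in safe() is not reported because its first argument is a constant string; the concatenated one is. That distinction, made purely from syntax, is the whole SAST idea in miniature.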

3
Q

What are SCA tools?

A

Software Composition Analysis (SCA) tools inventory the third-party components and dependencies a project pulls in (direct and transitive) and match them against vulnerability databases and license metadata, so organizations can identify and mitigate known vulnerabilities and licensing issues in code they did not write.

4
Q

What is the difference between SCA and SAST tools?

A

SCA identifies open source and other third-party dependencies and reports known vulnerabilities (CVEs) in them. SAST analyzes proprietary or first-party code for flaws that have no CVE yet. SAST tools require access to the source code (or at least compiled artifacts), while SCA tools may not: a lockfile, manifest, container image or binary is often enough. SCA supports open source license compliance and SBOM use cases, while SAST does not.

5
Q

What SCA tools are available?

A

Snyk (Snyk Open Source)
JFrog Xray
GitHub Dependabot
FOSSA
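An added example, not taken from the flashcards or from any of the tools listed, showing the three SCA jobs from the previous two cards on a constructed input: inventory dependencies from a lockfile, match pinned versions against advisory ranges, check licenses against a policy, and emit a minimal SBOM. The package names, advisory IDs and version ranges are invented for the example; the only real formats borrowed are the CycloneDX field names and the pkg:pypi purl scheme.

```python
"""Toy SCA: inventories third-party dependencies from a lockfile and matches
them against an advisory and license database. It never parses the project's
own source, which is the boundary that separates it from SAST."""
import json

# Constructed lockfile for a made-up project; package names are fictional.
LOCKFILE = """\
# generated by the build, pinned versions
webclient==2.25.1
httpcore==1.26.4
yamlparse==5.3
acmeorm==3.2.0
"""

# Constructed advisory feed. IDs and ranges are invented for the example;
# a real tool pulls these from OSV, NVD or a vendor feed.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "yamlparse", "introduced": "0", "fixed": "5.4", "severity": "critical"},
    {"id": "EXAMPLE-0002", "package": "httpcore", "introduced": "1.26.0", "fixed": "1.26.5", "severity": "high"},
    {"id": "EXAMPLE-0003", "package": "webclient", "introduced": "2.26.0", "fixed": "2.31.0", "severity": "medium"},
]

# Constructed license metadata and a policy that flags strong copyleft.
LICENSES = {"webclient": "Apache-2.0", "httpcore": "MIT", "yamlparse": "MIT", "acmeorm": "GPL-3.0-only"}
REVIEW_LICENSES = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only", "UNKNOWN"}


def parse_version(text):
    """Numeric dotted versions only; PEP 440 pre-releases etc. are out of scope."""
    return tuple(int(part) for part in text.split("."))


def parse_lockfile(text):
    """Return {package: version} from 'name==version' lines."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        deps[name.strip().lower()] = version.strip()
    return deps


def find_vulnerable(deps):
    """Match each pinned version against [introduced, fixed) ranges."""
    hits = []
    for adv in ADVISORIES:
        version = deps.get(adv["package"])
        if version is None:
            continue
        if parse_version(adv["introduced"]) <= parse_version(version) < parse_version(adv["fixed"]):
            hits.append((adv["package"], version, adv["id"], adv["severity"]))
    return hits


def license_review(deps):
    """Packages whose license needs a human decision under the policy."""
    return [(name, LICENSES.get(name, "UNKNOWN")) for name in sorted(deps)
            if LICENSES.get(name, "UNKNOWN") in REVIEW_LICENSES]


def sbom(deps):
    """Minimal CycloneDX-shaped component list (a subset of the real schema)."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "components": [
            {"type": "library", "name": name, "version": version, "purl": f"pkg:pypi/{name}@{version}"}
            for name, version in sorted(deps.items())
        ],
    }


if __name__ == "__main__":
    deps = parse_lockfile(LOCKFILE)
    print("vulnerable:", find_vulnerable(deps))
    print("license review:", license_review(deps))
    print(json.dumps(sbom(deps), indent=2))
```

Note that the fixed version is excluded from the range: a package pinned exactly at the fix is clean. Real tools also resolve transitive dependencies and handle pre-release and epoch versions, which the toy comparator deliberately does not.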

6
Q

What are IAST tools?

A

IAST (interactive application security testing) instruments the application from inside its runtime, typically with an agent, and analyzes code for security vulnerabilities while the app is exercised by an automated test, a human tester, or any other activity "interacting" with the application's functionality. Because the agent watches real data flow from request input to sinks, it needs no attack payloads and reports far fewer false positives than SAST, but it only covers code paths the tests actually reach.

7
Q

What are examples of IAST tools?

A

IAST Tools
Contrast Assess: identifies and tracks vulnerabilities in real time while the application runs during development and testing, and integrates into CI/CD pipelines for continuous monitoring.

Invicti (formerly Netsparker): known for its web application scanning, Invicti adds IAST features that allow real-time vulnerability detection and reporting alongside its DAST scans.

HCL AppScan: a suite that combines IAST with other testing methods, with broad support for programming languages and frameworks. It also has DAST capabilities.

Synopsys Seeker: an IAST tool that provides detailed insight into vulnerabilities while the application is running, supporting multiple programming languages.

Acunetix: a web application security tool with IAST capabilities that enable real-time detection of vulnerabilities and integration into automated testing workflows. It also has DAST capabilities.
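An added example, not from the flashcards or from any of the products above, of how an IAST agent works in miniature. A constructed application has a vulnerable and a fixed request handler; the agent decorates the SQL sink at start-up, marks request parameters as sources, and reports when a source value reaches the sink text. The functional tests use only the benign input "alice", yet the injection is reported, which is the property that distinguishes IAST from a DAST scan that must guess payloads. The substring match is a simplification of the taint propagation real agents do.

```python
"""Toy IAST agent: instruments the running app so that, while ordinary
functional tests exercise it, untrusted input reaching a dangerous sink is
reported. The agent lives inside the process; nothing is scanned statically."""
import functools
import sqlite3


class Agent:
    """Tracks values that entered as request input and checks sinks for them.
    Real IAST agents track taint through string operations; this one uses a
    substring match, which is enough for the demonstration."""

    def __init__(self):
        self.sources = set()
        self.findings = []

    def source(self, value):
        if value:
            self.sources.add(value)
        return value

    def check_sink(self, sink_name, payload):
        for s in self.sources:
            if s in payload:
                self.findings.append((sink_name, s))

    def reset(self):
        self.sources.clear()
        self.findings.clear()


agent = Agent()


def instrumented_sink(sink_name):
    """Decorator the agent wraps around sink functions when the app starts."""
    def deco(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            agent.check_sink(sink_name, str(args[0]))   # args[0] is the SQL text
            return fn(*args, **kwargs)
        return wrapper
    return deco


# --- constructed application under test (not a real project) ---
@instrumented_sink("sqlite3.execute")
def run_sql(sql, params=()):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice')")
    return conn.execute(sql, params).fetchall()


def handle_request(query):
    """Vulnerable handler: request parameter concatenated into SQL."""
    user = agent.source(query.get("user", ""))
    return run_sql("SELECT name FROM users WHERE name = '" + user + "'")


def handle_request_safe(query):
    """Fixed handler: the parameter travels separately from the SQL text."""
    user = agent.source(query.get("user", ""))
    return run_sql("SELECT name FROM users WHERE name = ?", (user,))


def run_functional_tests():
    """Plain functional tests with a benign input. The agent reports the
    injection anyway, because it watches what reaches the sink, not whether
    the input looked malicious."""
    agent.reset()
    assert handle_request({"user": "alice"}) == [("alice",)]
    assert handle_request_safe({"user": "alice"}) == [("alice",)]
    return list(agent.findings)


if __name__ == "__main__":
    print(run_functional_tests())
```

Only the concatenating handler produces a finding; the parameterized one sends the SQL text "... name = ?" to the sink, so the source value never appears in it.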

8
Q

What are DAST tools?

A

Dynamic application security testing (DAST) tools detect conditions indicative of a security vulnerability in an application in its running state. They work black-box: the scanner crawls the application, sends crafted requests and judges the responses, with no access to the source code, so it can catch issues that only exist at runtime (misconfigurations, server headers, authentication flaws) but cannot point to the offending line of code.

Opt for DAST when assessing production or staging applications from an external, attacker-like perspective, or when source code access is not available.
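An added example, not from the flashcards or from any DAST product, of the black-box approach described above. A constructed in-process target stands in for a deployed web application (a real scanner would send HTTP requests; here send() is a plain function call so the example runs offline). The scanner only has the endpoint list and the responses: it injects a canary to detect unescaped reflection and sends SQL-breaking probes to detect error disclosure.

```python
"""Toy DAST scanner: probes a running application from the outside. It sees
only requests and responses and never reads the target's source."""
import html
import sqlite3

# --- constructed target application standing in for a deployed web app ---
_db = sqlite3.connect(":memory:")
_db.execute("CREATE TABLE items(id INTEGER, name TEXT)")
_db.execute("INSERT INTO items VALUES (1, 'widget')")


def target_app(path, params):
    """Behaves like an HTTP endpoint: returns (status, body)."""
    if path == "/search":                       # reflects input unescaped
        return 200, f"<h1>Results for {params.get('q', '')}</h1>"
    if path == "/safe-search":                  # same page, output-encoded
        return 200, f"<h1>Results for {html.escape(params.get('q', ''))}</h1>"
    if path == "/item":                         # string-built SQL, leaks errors
        try:
            rows = _db.execute("SELECT name FROM items WHERE id = " + params.get("id", "0")).fetchall()
            return 200, ",".join(r[0] for r in rows)
        except sqlite3.Error as exc:
            return 500, f"Database error: {exc}"
    return 404, "not found"


# --- the scanner: knows nothing about the code above except its URLs ---
XSS_CANARY = 'dastcanary<"\'>'
SQLI_PROBES = ["'", "1 OR 1=1--"]
SQL_ERROR_SIGNATURES = ("Database error", "syntax error", "SQLSTATE", "ORA-")
ENDPOINTS = [("/search", "q"), ("/safe-search", "q"), ("/item", "id")]


def scan(send, endpoints):
    """send(path, params) -> (status, body) is the only way in; endpoints is
    a list of (path, parameter) pairs discovered by crawling or from a spec."""
    findings = []
    for path, param in endpoints:
        status, body = send(path, {param: XSS_CANARY})
        if XSS_CANARY in body:                  # reflected without encoding
            findings.append((path, param, "reflected-xss"))
        for probe in SQLI_PROBES:
            status, body = send(path, {param: probe})
            if status >= 500 or any(sig in body for sig in SQL_ERROR_SIGNATURES):
                findings.append((path, param, "sql-error-disclosure"))
                break
    return findings


if __name__ == "__main__":
    for finding in scan(target_app, ENDPOINTS):
        print(finding)
```

The /safe-search endpoint escapes the canary and is not reported, which is also the limitation: DAST can only confirm what it can observe in a response, so a blind injection with no error message and no reflection needs timing or out-of-band techniques to surface.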

9
Q

Give examples of DAST tools.

A

Netsparker (now Invicti), Burp Suite Enterprise, OWASP ZAP
