DevSecOps Interview Question

Question 1

What tool do you use for SAST

Answer 1

Fortify or Checkmarx SAST
Sonar
Synk

Question 2

What is SAST tools

Answer 2

Static Application Security Testing (SAST tool)

Question 3

What are SCA tools

Answer 3

Software Composition Analysis (SCA) tools play very important role.
SCA tools help organizations identify and mitigate security vulnerabilities and licensing issues in their software by analyzing third-party components and dependencies.

Question 4

What difference between SCA and SAST tools

Answer 4

SCA is used to identify open source dependencies. SAST is used to analyze proprietary or first-party code. SAST tools do require access to source code, while SCA tools may not. SCA supports open source license compliance and SBOM use cases, while SAST does not.

Question 5

What are SCA tools available

Answer 5

Synk
JFrog XRay
GitHub dependabot
Fossa

Question 6

What are IAST tools

Answer 6

IAST (interactive application security testing) analyzes code for security vulnerabilities while the app is run by an automated test, human tester, or any activity “interacting” with the application functionality.

Question 7

What are example of IAST tools

Answer 7

Contrast Security Assess or Synopsys Seeker

Question 8

What are DAST tools

Answer 8

Dynamic application security testing (DAST) technologies are designed to detect conditions indicative of a security vulnerability in an application in its running state.

Question 9

What are DAST tools

Answer 9

Netsparker, Burp Suite Enterprise, OWASP ZAP