A recent batch of bug bounty findings indicates a systematic issue related to directory traversal. A security engineer needs to prevent flawed code from being deployed into production. Which of the following is the best mitigation strategy for the engineer?

A. Setting up secure development training with a focus on filesystem access issues

B. Implementing static code analysis testing into the CI/CD pipeline and blocking based on findings

C. Using a software composition analysis tool to look for directory traversal issues in the application

D. Developing a secure library for filesystem access and blocking builds that do not use the library

E. Leveraging a dynamic application security testing tool to uncover issues related to directory traversal






 

Suggested Answer: B

Community Answer: B



This question is in CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.