SAST and DAST timing and source code access

2025-hsc-se-q13 · Dropdown Table · 2 marks

Source: NESA 2025 HSC Software Engineering HSC Q13

Question

A software developer plans to use static application security testing (SAST) and dynamic application security testing (DAST) to check an application that is being developed.

Select the correct entries to complete the table.

Complete the table

Reveal answer
CellAnswer
SAST timingbefore execution
SAST source code accessrequired
DAST timingduring execution
DAST source code accessnot required

Marking rubric

MarksDescription
2Correctly identifies the timing and source code access for each strategy.
1Correctly identifies the timing and source code access for one strategy, or correctly identifies the timing for each strategy.

Explanation

SAST analyses source code or binaries without running the application. DAST tests the running application from the outside and does not require source code access.

Metadata

Submitter
Seed data
Created
2026-05-02
Status
published
Syllabus
y12-secure-code-security-strategies
Tags
SAST DAST security testing source code access