SAST testing is performed by:
A. scanning the application source code.
B. scanning the application interface.
C. scanning all infrastructure components.
D. performing manual actions to gain control of the application.
Explanation:
SAST analyzes application code offline. SAST is generally a rules-based test that will scan software code for items such as credentials embedded into application code and a test of input validation, both of which are major concerns for application security.