PDF CAS-004 Study Guide

Immutable infrastructure through containers ensures that the deployed systems remain consistent and resistant to drift. Any changes require rebuilding and redeploying containers, eliminating configuration inconsistencies. This aligns with CASP+ objective 2.2, which emphasizes implementing scalable, secure system configurations.

________________________________________

Restricting HTTP methods can mitigate the risk of network-based attacks against an online store by limiting the types of HTTP requests that the server will accept, thus reducing the attack surface. This is a common method to prevent web-based attacks such as Cross-Site Scripting (XSS) and SQL Injection.

The combination of DAST (Dynamic Application Security Testing) and SAST (Static Application Security Testing) would meet the developers' requirements. DAST is used for runtime testing, capable of simulating attacks like SQL injection and reflected XSS, which fulfills the first requirement. SAST analyzes the code statically to ensure that the application is not vulnerable to issues like memory leaks, fulfilling the second requirement. Implementing both will integrate security testing into the SDLC, addressing the security concerns earlier in the development cycle, as recommended in CASP+.