A mid-sized company wants to integrate code scanning into their process while keeping costs low. Which security testing method involves add-ons to an IDE to evaluate source code developed in a specific language?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

Static Application Security Testing (SAST) is the correct answer for a mid-sized company looking to integrate cost-effective code scanning into its development process. SAST evaluates source code for vulnerabilities before the application is run, allowing for early detection of security issues. This is particularly beneficial because it can be integrated into developers' IDEs (Integrated Development Environments), often with minimal additional costs, and can support various programming languages.

By incorporating SAST tools as add-ons to their IDEs, developers can receive real-time feedback and insights on code vulnerabilities as they write their code, leading to a more streamlined development process without extensive overhead costs. This proactive approach can significantly enhance the security posture of the application being developed without necessitating extensive changes to existing workflows.

Other options, while relevant to security testing, do not fit the scenario as well as SAST does. Dynamic Application Security Testing (DAST) involves testing the application when it is running, which requires a more complex setup and is generally more resource-intensive. Interactive Application Security Testing (IAST) combines elements of SAST and DAST but typically requires a running application, making it less suitable for early-stage integration directly into an IDE. The Federal Financial Institutions Examination Council (FFIEC
