Which security strategy is implemented by developers focusing on dynamic application testing?

Dynamic application testing (DAT) is a process used to identify vulnerabilities in a running application, simulating real-world attack scenarios to assess security postures. In this context, "Security as Code" is the strategy most relevant to the practice of integrating security testing throughout the development process.

"Security as Code" emphasizes embedding security practices within the software development lifecycle, making security considerations a fundamental part of application development rather than an afterthought. This approach promotes automation and integration of security testing tools like dynamic application security testing (DAST) solutions within the development pipelines, ensuring that vulnerabilities can be detected and resolved early before deployment.

Moreover, this strategy aligns well with modern development methodologies that prioritize continuous integration and continuous deployment (CI/CD), where automated testing, including security testing, is an essential component.

In contrast, the other strategies mentioned do not directly relate to dynamic application testing. Agile Method focuses on iterative development processes, Infrastructure as Code emphasizes managing infrastructure through code, and Spiral Method is a risk-driven approach to software development that entails iterative cycles but does not specifically address dynamic application testing.