KT-APP SAST findings

SAST flags SSRF in a webhook feature. Why is this high risk?

Multiple choice — select one answer

Answer choices

  1. a. Server may fetch internal metadata URLs exposing cloud credentials
  2. b. SSRF only affects CSS colors, without security or identity team coordination per policy.
  3. c. SAST never finds real bugs, without security or identity team coordination per policy.
  4. d. Webhooks cannot call URLs, without security or identity team coordination per policy.

Architectural breakdown & explanation

SSRF to cloud metadata is a common critical finding.

Correct answer(s): a. Server may fetch internal metadata URLs exposing cloud credentials

Exam domain: SAST findings (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Application Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.