What is the term for vulnerability testing where you have knowledge of the systems involved?

Prepare for the WGU C838 Managing Cloud Security Exam. Study effectively with flashcards and multiple-choice questions, complete with hints and explanations. Ensure your success with this comprehensive preparation guide.

The correct answer is C, which refers to Static Application Security Testing (SAST). SAST involves examining the application’s source code, bytecode, or binary code to identify vulnerabilities without executing the program. This testing approach requires deep knowledge of the application's source code and the underlying architecture since it evaluates the security of the code as it is written.

SAST is beneficial because it allows developers to identify potential security issues early in the development process, which can be more cost-effective and provide a more thorough assessment of the application's security posture. Having knowledge of the systems involved enables testers to pinpoint vulnerabilities that might not be visible from the outside, making this method a proactive approach to security assurance.

In contrast, the other testing methods focus on different aspects or external evaluations: hybrid testing combines elements of both static and dynamic testing; DAST (Dynamic Application Security Testing) assesses applications in their running state without access to the source code; and pen testing involves attempting to exploit vulnerabilities in the system with knowledge of the systems, but is typically focused on real-world attack scenarios rather than code analysis. This distinct focus of SAST on code review makes it the accurate choice for vulnerability testing with explicit knowledge of the systems involved.
