Q. According to Veracode's 2020 metrics, what percentage of scanned applications did not pass their OWASP Top 10 security issues testing process?

View solution

Q. What type of testing is static code analysis often considered?

View solution

Q. What does static code analysis focus on?

View solution

Q. Which tool is a static code analysis tool for Ruby on Rails applications?

View solution

Q. What does dynamic code analysis rely on?

View solution

Q. Why is there a strong preference for automated testing in dynamic code analysis?

View solution

Q. What is fuzz testing (fuzzing)?

View solution

Q. What is a characteristic of fuzz testing?

View solution

Q. Why might fuzz testing attract attention from cybersecurity teams?

View solution

Q. Which of the following is an open source web application scanning tool?

View solution

Q. What is the primary interface used by Nikto for displaying results?

View solution

Q. What is the purpose of interception proxies in manual scanning of web applications?

View solution

Q. Which tool is designed specifically for use against WordPress installations?

View solution

Q. What is a characteristic of Burp Suite?

View solution

Q. Which of the following is a commonly used open source database vulnerability scanner?

View solution

Q. What is the purpose of a remediation workflow in vulnerability management?

View solution

Q. What is one consideration when selecting a remediation workflow tool for vulnerability management?

View solution

Q. What is a common source of tension between penetration testers and enterprise cybersecurity teams?

View solution

Q. When might penetration testers be required to immediately report their findings to management?

View solution

Q. What is the advantage of ongoing scanning compared to scheduled scanning?

View solution