Q. What percentage of applications, based on Veracode's 2017 metrics, contained security vulnerabilities?

View solution

Q. What is the focus of static application security testing (SAST)?

View solution

Q. Which of the following is an example of a SAST tool for Java code analysis?

View solution

Q. How does static code analysis differ from other testing methods?

View solution

Q. What is the primary characteristic of dynamic application security testing (DAST)?

View solution

Q. Why is there a strong preference for automated testing in dynamic code analysis?

View solution

Q. What is the role of interception proxies in web application security testing?

View solution

Q. Which tool, coordinated by OWASP, can intercept requests from any web browser and allow alterations before passing them to the web server?

View solution

Q. What is the primary purpose of fuzzers in web application testing?

View solution

Q. Which commercial product performs fuzz testing against various testing environments, including network protocols and embedded devices?

View solution

Q. What is the american fuzzy lop (AFL) fuzzer primarily used for?

View solution

Q. Which Windows-specific debugging tool was created by Microsoft?

View solution

Q. What is the purpose of the Interactive Disassembler (IDA)?

View solution

Q. Which tool is specifically designed for penetration testing and the reverse engineering of malware?

View solution

Q. What is the role of Gobuster in penetration testing?

View solution

Q. Which programming language is Gobuster written in?

View solution

Q. What is Drozer?

View solution

Q. What is the purpose of APKX and APK Studio?

View solution

Q. What is the primary objective of penetration testers when exploiting application vulnerabilities?

View solution

Q. How do static analysis tools contribute to penetration testing?

View solution