312-50V10 · Question #375
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
The correct answer is B. A list of flaws and how to fix them. OWASP provides a publicly maintained list of common web application security vulnerabilities along with remediation guidance, not a framework, patches, or certifications.
Question
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
Options
- AAn extensible security framework named COBIT
- BA list of flaws and how to fix them
- CWeb application patches
- DA security certification for hardened web applications
How the community answered
(14 responses)- A7% (1)
- B86% (12)
- C7% (1)
Why each option
OWASP provides a publicly maintained list of common web application security vulnerabilities along with remediation guidance, not a framework, patches, or certifications.
COBIT is a governance framework developed by ISACA, not OWASP, and addresses IT management broadly rather than web application security specifically.
OWASP is best known for resources like the OWASP Top 10, which catalogs the most critical web application security risks and provides detailed guidance on how to identify and remediate each flaw. Its Web Security Testing Guide (WSTG) further extends this by offering a comprehensive methodology for finding and fixing vulnerabilities. These resources are advisory and educational, not prescriptive tools or certifications.
OWASP does not develop or distribute software patches; it is a nonprofit community that produces documentation, tools, and guidelines.
OWASP does not issue security certifications for applications or organizations; certification programs like Common Criteria or ISO 27001 fill that role.
Concept tested: OWASP mission and deliverables
Source: https://owasp.org/www-project-web-security-testing-guide/
Topics
Community Discussion
No community discussion yet for this question.