nerdexam
EC-Council

312-50V10 · Question #375

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

The correct answer is B. A list of flaws and how to fix them. OWASP provides a publicly maintained list of common web application security vulnerabilities along with remediation guidance, not a framework, patches, or certifications.

Hacking Web Applications

Question

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

Options

  • AAn extensible security framework named COBIT
  • BA list of flaws and how to fix them
  • CWeb application patches
  • DA security certification for hardened web applications

How the community answered

(14 responses)
  • A
    7% (1)
  • B
    86% (12)
  • C
    7% (1)

Why each option

OWASP provides a publicly maintained list of common web application security vulnerabilities along with remediation guidance, not a framework, patches, or certifications.

AAn extensible security framework named COBIT

COBIT is a governance framework developed by ISACA, not OWASP, and addresses IT management broadly rather than web application security specifically.

BA list of flaws and how to fix themCorrect

OWASP is best known for resources like the OWASP Top 10, which catalogs the most critical web application security risks and provides detailed guidance on how to identify and remediate each flaw. Its Web Security Testing Guide (WSTG) further extends this by offering a comprehensive methodology for finding and fixing vulnerabilities. These resources are advisory and educational, not prescriptive tools or certifications.

CWeb application patches

OWASP does not develop or distribute software patches; it is a nonprofit community that produces documentation, tools, and guidelines.

DA security certification for hardened web applications

OWASP does not issue security certifications for applications or organizations; certification programs like Common Criteria or ISO 27001 fill that role.

Concept tested: OWASP mission and deliverables

Source: https://owasp.org/www-project-web-security-testing-guide/

Topics

#OWASP#web application security#vulnerability list#testing methodology

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice