312-50V11 · Question #1008
Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to tes
The correct answer is B. Burp Suite. Burp Suite is the industry-standard web application penetration testing platform featuring an intercepting proxy, session token analyzer, and custom attack modules. The scenario describes all core Burp Suite features specifically.
Question
Options
- ANmap
- BBurp Suite
- CCxSAST
- DWireshark
How the community answered
(22 responses)- A5% (1)
- B91% (20)
- D5% (1)
Why each option
Burp Suite is the industry-standard web application penetration testing platform featuring an intercepting proxy, session token analyzer, and custom attack modules. The scenario describes all core Burp Suite features specifically.
Nmap is a network discovery and port scanning tool, not a web application testing tool with proxy or session token analysis capabilities.
Burp Suite is a comprehensive web application security testing platform that includes an intercepting proxy for inspecting and modifying HTTP/HTTPS traffic between a browser and target application. It also provides Intruder for customized automated attacks and Sequencer for analyzing the randomness of session tokens, matching every capability described in the scenario.
CxSAST (Checkmarx SAST) is a static application security testing tool that analyzes source code for vulnerabilities, not an active proxy-based penetration testing tool.
Wireshark is a passive network packet capture and protocol analysis tool that does not support traffic interception, modification, or session token testing.
Concept tested: Web application penetration testing tool identification
Source: https://portswigger.net/burp/documentation/desktop
Topics
Community Discussion
No community discussion yet for this question.