nerdexam
EC-Council

312-50V11 · Question #1008

Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to tes

The correct answer is B. Burp Suite. Burp Suite is the industry-standard web application penetration testing platform featuring an intercepting proxy, session token analyzer, and custom attack modules. The scenario describes all core Burp Suite features specifically.

Hacking Web Applications

Question

Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario?

Options

  • ANmap
  • BBurp Suite
  • CCxSAST
  • DWireshark

How the community answered

(22 responses)
  • A
    5% (1)
  • B
    91% (20)
  • D
    5% (1)

Why each option

Burp Suite is the industry-standard web application penetration testing platform featuring an intercepting proxy, session token analyzer, and custom attack modules. The scenario describes all core Burp Suite features specifically.

ANmap

Nmap is a network discovery and port scanning tool, not a web application testing tool with proxy or session token analysis capabilities.

BBurp SuiteCorrect

Burp Suite is a comprehensive web application security testing platform that includes an intercepting proxy for inspecting and modifying HTTP/HTTPS traffic between a browser and target application. It also provides Intruder for customized automated attacks and Sequencer for analyzing the randomness of session tokens, matching every capability described in the scenario.

CCxSAST

CxSAST (Checkmarx SAST) is a static application security testing tool that analyzes source code for vulnerabilities, not an active proxy-based penetration testing tool.

DWireshark

Wireshark is a passive network packet capture and protocol analysis tool that does not support traffic interception, modification, or session token testing.

Concept tested: Web application penetration testing tool identification

Source: https://portswigger.net/burp/documentation/desktop

Topics

#Burp Suite#intercepting proxy#session token analysis#web application testing

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice