EC-Council
312-50V11 Question #375: Real Exam Question with Answer & Explanation
The correct answer is B: A list of flaws and how to fix them. OWASP's primary contribution to web application security is a curated, publicly available list of common vulnerabilities along with guidance on how to remediate each one.
Hacking Web Applications
Question
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
Options
- A. An extensible security framework named COBIT
- B. A list of flaws and how to fix them
- C. Web application patches
- D. A security certification for hardened web applications
Explanation
OWASP's primary contribution to web application security is a curated, publicly available list of common vulnerabilities along with guidance on how to remediate each one.
Common mistakes.
- A. COBIT is a governance framework published by ISACA, not OWASP; OWASP does not maintain COBIT or any framework by that name.
- C. OWASP does not develop or distribute patches for web applications; patching is the responsibility of individual software vendors and development teams.
- D. OWASP does not issue security certifications for hardened web applications; it is an open, non-profit community that produces documentation and tools, not a certifying body.
Concept tested. OWASP purpose and primary deliverables
Reference. https://owasp.org/www-project-top-ten/
Topics
#OWASP, #web application security, #vulnerability list, #security framework