312-50V9 · Question #151
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
The correct answer is B. A list of flaws and how to fix them. OWASP provides publicly available documentation identifying common web application vulnerabilities and guidance on how to remediate them, most notably through the OWASP Top 10 list.
Question
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
Options
- AAn extensible security framework named COBIT
- BA list of flaws and how to fix them
- CWeb application patches
- DA security certification for hardened web applications
How the community answered
(28 responses)- A4% (1)
- B89% (25)
- D7% (2)
Why each option
OWASP provides publicly available documentation identifying common web application vulnerabilities and guidance on how to remediate them, most notably through the OWASP Top 10 list.
COBIT is a governance and management framework published by ISACA, not OWASP, and is focused on IT enterprise governance rather than web application security testing.
OWASP's core offering is the identification of prevalent web application security flaws, such as injection, broken authentication, and XSS, paired with developer-facing remediation guidance. The OWASP Testing Guide and Top 10 project are freely available resources that enumerate specific vulnerability classes and explain how to fix them. This directly describes a 'list of flaws and how to fix them.'
OWASP is a documentation and research organization - it does not develop, distribute, or maintain software patches for web applications.
OWASP does not issue security certifications for web applications; it provides open-source guidance and tools, not a formal certification program.
Concept tested: OWASP purpose and web application security resources
Source: https://owasp.org/www-project-web-security-testing-guide/
Topics
Community Discussion
No community discussion yet for this question.