nerdexam
EC-Council

312-50V9 · Question #151

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

The correct answer is B. A list of flaws and how to fix them. OWASP provides publicly available documentation identifying common web application vulnerabilities and guidance on how to remediate them, most notably through the OWASP Top 10 list.

Hacking Web Applications

Question

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

Options

  • AAn extensible security framework named COBIT
  • BA list of flaws and how to fix them
  • CWeb application patches
  • DA security certification for hardened web applications

How the community answered

(28 responses)
  • A
    4% (1)
  • B
    89% (25)
  • D
    7% (2)

Why each option

OWASP provides publicly available documentation identifying common web application vulnerabilities and guidance on how to remediate them, most notably through the OWASP Top 10 list.

AAn extensible security framework named COBIT

COBIT is a governance and management framework published by ISACA, not OWASP, and is focused on IT enterprise governance rather than web application security testing.

BA list of flaws and how to fix themCorrect

OWASP's core offering is the identification of prevalent web application security flaws, such as injection, broken authentication, and XSS, paired with developer-facing remediation guidance. The OWASP Testing Guide and Top 10 project are freely available resources that enumerate specific vulnerability classes and explain how to fix them. This directly describes a 'list of flaws and how to fix them.'

CWeb application patches

OWASP is a documentation and research organization - it does not develop, distribute, or maintain software patches for web applications.

DA security certification for hardened web applications

OWASP does not issue security certifications for web applications; it provides open-source guidance and tools, not a formal certification program.

Concept tested: OWASP purpose and web application security resources

Source: https://owasp.org/www-project-web-security-testing-guide/

Topics

#OWASP#web application security#vulnerability list#security framework

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice