CISSP · Question #1042
Which of the following is the MOST effective method of detecting vulnerabilities in web-based applications early in the secure Software Development Life Cycle (SDLC)?
The correct answer is C. Code review. The most effective method of detecting vulnerabilities in web-based applications early in the secure SDLC is code review. Code review is a process of examining and evaluating the source code of a web- based application to identify and correct any errors, defects, or weaknesses th
Question
Which of the following is the MOST effective method of detecting vulnerabilities in web-based applications early in the secure Software Development Life Cycle (SDLC)?
Options
- AWeb application vulnerability scanning
- BApplication fuzzing
- CCode review
- DPenetration testing
How the community answered
(48 responses)- A2% (1)
- B10% (5)
- C79% (38)
- D8% (4)
Explanation
The most effective method of detecting vulnerabilities in web-based applications early in the secure SDLC is code review. Code review is a process of examining and evaluating the source code of a web- based application to identify and correct any errors, defects, or weaknesses that may affect its functionality, quality, security, or performance. Code review can detect vulnerabilities in web-based applications early in the secure SDLC, as it can be performed during the development or testing phases, before the application is deployed or released. Code review can also improve the security posture of the web-based application, as it can reduce the attack surface, mitigate the risks, and comply with the standards and regulations. Web application vulnerability scanning, application fuzzing, or penetration testing are not the most effective methods of detecting vulnerabilities in web-based applications early in the secure SDLC, as they are performed later in the secure SDLC, usually after the application is deployed or released. Web application vulnerability scanning is a technique of using automated tools to scan and identify the common vulnerabilities or misconfigurations in a web-based application, such as SQL injection, cross-site scripting, or broken authentication. Application fuzzing is a technique of using random or malformed inputs to test the behavior and security of a web-based application, and to discover any errors, crashes, or vulnerabilities. Penetration testing is a technique of simulating a real-world attack on a web-based application, and to evaluate its security and resilience.
Topics
Community Discussion
No community discussion yet for this question.