PT0-001 · Question #184
When performing active information reconnaissance, which of the following should be tested FIRST before starting the exploitation process?
The correct answer is A. SQLmap. SQLmap is run first during active web application reconnaissance to automatically enumerate SQL injection vulnerabilities before more targeted manual testing begins.
Question
When performing active information reconnaissance, which of the following should be tested FIRST before starting the exploitation process?
Options
- ASQLmap
- BTLS configuration
- CHTTP verbs
- DInput fields
How the community answered
(39 responses)- A92% (36)
- B5% (2)
- C3% (1)
Why each option
SQLmap is run first during active web application reconnaissance to automatically enumerate SQL injection vulnerabilities before more targeted manual testing begins.
SQLmap is an automated SQL injection detection tool that actively probes application parameters during reconnaissance, enabling testers to quickly identify injectable endpoints before commencing exploitation. Running automated scanners first establishes the full attack surface and prioritizes targets, making subsequent manual techniques such as HTTP verb testing and input field analysis more focused and efficient.
TLS configuration testing evaluates transport layer security and is typically performed after initial application scanning has already identified the primary attack vectors.
HTTP verb testing is a targeted manual reconnaissance technique performed after automated scanning has mapped the application's available endpoints and services.
Manually testing input fields follows automated reconnaissance, because tools like SQLmap first identify which parameters warrant deeper manual investigation.
Concept tested: Active reconnaissance tool prioritization in web application testing
Source: https://owasp.org/www-project-web-security-testing-guide/
Topics
Community Discussion
No community discussion yet for this question.