PT0-003 Question #143: Real Exam Question with Answer & Explanation
The correct answer is A: Run TruffleHog against a local clone of the application.
Question
During a penetration test of a web application, the tester gains full access to the application's source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?
Options
- A. Run TruffleHog against a local clone of the application
- B. Scan the live web application using Nikto
- C. Perform a manual code review of the Git repository
- D. Use SCA software to scan the application source code
Explanation
TruffleHog is a tool specifically designed to search through git repositories for high-entropy strings and secrets, including hard-coded credentials. This automated tool can quickly scan through thousands of code files and identify sensitive information, making it an ideal choice when time is