An organization is conducting a pilot deployment of an e-commerce application. The application’s source code is not available. Which of the following strategies should an analyst recommend to evaluate the security of the software?
Correct Answer: C. Dynamic testing
Analysis: Given that the application's source code is not available, dynamic testing is an appropriate method to evaluate the security of the software. Dynamic testing involves analyzing the application by executing it and observing its behavior during runtime, which allows for the identification of security vulnerabilities that may not be evident through code inspection alone.
D. Penetration testing
Since the source code is not available, static testing and vulnerability scanning are not feasible options. Dynamic testing, while useful, might not be sufficient to uncover deep-rooted vulnerabilities.
Penetration testing is the most suitable approach in this case. It involves simulating real-world attacks to identify and exploit vulnerabilities in the application. This approach doesn't require access to the source code and can reveal critical security flaws that other testing methods might miss.
D. Penetration testing
Penetration testing simulates real-world attacks on the application to identify vulnerabilities that could be exploited by an attacker. This method doesn't require access to the source code and is effective in assessing the security of the application in its operational environment.