Which of the following is the BEST method to discover the vulnerability before a production deployment?

A web application has a newly discovered vulnerability in the authentication method used to validate known company users. The user ID of Admin with a password of "password" grants elevated access to the application over the Internet. Which of the following is the BEST method to discover the vulnerability before a production deployment?
A. Manual peer review
B. User acceptance testing
C. Input validation
D. Stress test the application

CS0-002: CompTIA CySA+ Exam


2 thoughts on “Which of the following is the BEST method to discover the vulnerability before a production deployment?”

  1. Helloooo Lala_human.
    About A: I saw the term “manual peer review” twice while studying for CySA+. Once it was intertwined with Dual Control, which is personnel security-related. The second time it was related to the over-the-shoulder programming approach.
    About B: User acceptance testing is one of the points during the SDLC, and it allows the party who ‘ordered’ some software to test its functionality before project completion.
    About D: is related to stress testing, so it’s about checking the way the application handles a heavy load. Using admin user and password ‘password’ is not a heavy load.
    About C: By elimination of others it’s the most likely correct answer. Input validation is one of the ways to test for vulnerabilities.

  2. Correct answer should be A. It says how do you “discover” a vulnerability, not how do you “remediate” it.
