Joe, a penetration tester, is assessing the security of an application binary provided to him by his client. Which of the following methods would be the MOST effective in reaching this objective?
A. Employ a fuzzing utility
B. Use a static code analyzer
C. Run the binary in an application sandbox
D. Manually review the binary in a text editor
The question says that you only have the binary, so B (static code analyzer) would not be possible.
If you run the binary in a sandbox you won’t analyze its security, but check the app’s behavior.
D is obviously wrong.
So, A would be the most feasible answer: to fuzz the app binary.
B