A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?
SCA tools are specifically designed to identify vulnerabilities in open-source libraries used within an application. They analyze dependencies, check for known security issues, and provide insights into outdated or vulnerable components. This makes them the best choice for detecting security risks in third-party code.
VM (Vulnerability Management) focuses on tracking and managing vulnerabilities but does not directly scan open-source libraries.
IAST (Interactive Application Security Testing) works by analyzing applications during runtime but is more focused on detecting security flaws in the application's own code rather than its dependencies.
DAST (Dynamic Application Security Testing) scans running applications for vulnerabilities but does not specialize in identifying issues within open-source libraries.
upvoted 1 times
680e6b7
2 months, 2 weeks ago