CompTIA CySA+ (CS0-003) — Question 180
A development team is preparing to roll out a beta version of a web application and wants to quickly test for vulnerabilities, including SQL injection, path traversal, and cross-site scripting. Which of the following tools would the security team most likely recommend to perform this test?
Answer options
- A. Hashcat
- B. OpenVAS
- C. OWASP ZAP
- D. Nmap
Correct answer: C
Explanation
OWASP ZAP is specifically designed for finding security vulnerabilities in web applications, making it the most suitable choice for testing for issues like SQL injection, path traversal, and cross-site scripting. Hashcat is a password recovery tool, OpenVAS is more suited to network vulnerability scanning, and Nmap is primarily a network discovery and security auditing tool. None of these three focuses on web application security testing the way OWASP ZAP does.