CompTIA PenTest+ (PT0-002) — Question 252

After performing a web penetration test, a security consultant is ranking the findings by criticality. Which of the following standards or methodologies would be best for the consultant to use for reference?

Answer options

Correct answer: A

Explanation

OWASP (Open Web Application Security Project) provides a well-recognized framework focused specifically on web application security, making it the most suitable reference for ranking web vulnerabilities. MITRE ATT&CK and NIST offer valuable security insights, but they are broader in scope and not tailored exclusively to web application issues. PTES (Penetration Testing Execution Standard) is also useful, but it does not address criticality ranking as effectively as OWASP does.