CompTIA PenTest+ (PT0-003) — Question 158
A penetration tester is attempting to discover vulnerabilities in a company's web application. Which of the following tools would most likely assist with testing the security of the web application?
Answer options
- A. OpenVAS
- B. Nessus
- C. sqlmap
- D. Nikto
Correct answer: D
Explanation
Nikto is designed specifically to scan web servers and identify vulnerabilities, making it the best choice for testing web applications. OpenVAS and Nessus are general vulnerability scanners that can assess various systems but are not focused solely on web applications. sqlmap detects and exploits SQL injection vulnerabilities, a scope too narrow for comprehensive web application testing.