CompTIA PenTest+ (PT0-003) — Question 55
A penetration tester has been asked to conduct a blind web application test against a customer's corporate website. Which of the following tools would be best suited to perform this assessment?
Answer options
- A. ZAP
- B. Nmap
- C. Wfuzz
- D. Trufflehog
Correct answer: A
Explanation
ZAP (Zed Attack Proxy) is specifically designed for finding vulnerabilities in web applications, making it the ideal choice for a blind web application test. The other options are not directly suited to this type of assessment: Nmap is primarily a network scanning tool, Wfuzz is focused on brute-forcing web applications, and Trufflehog is used for searching for sensitive data in Git repositories.