CompTIA Security+ (SY0-601) — Question 329

A security analyst is assessing a new y developed web application by testing SQL injection, CSRF, and XML injection. Which of the follow ng frameworks should the analyst consider?

Answer options

• A. ISO
• B. MITRE ATT&CK
• C. OWASP
• D. NIST

Correct answer: C

Explanation

The OWASP framework is specifically designed to address web application security issues, making it the most relevant choice for assessing vulnerabilities like SQL injection and CSRF. The other frameworks, while significant in cybersecurity, focus on broader standards or categories and are not specifically tailored for web application vulnerabilities.