Certified Ethical Hacker (CEH v11) — Question 380
An organization decided to harden its security against web-application and web-server attacks. John, a security professional in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory traversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks.
Which of the following security scanners will help John perform the above task?
Answer options
- A. AlienVault® OSSIM
- B. Syhunt Hybrid
- C. Saleae Logic Analyzer
- D. Cisco ASA
Correct answer: B
Explanation
The correct answer is B, Syhunt Hybrid, as it is specifically designed for web application security testing and can detect various vulnerabilities like XSS, SQL injection, and more. The other options, such as AlienVault OSSIM and Cisco ASA, focus on broader security management and firewall functions, while the Saleae Logic Analyzer is intended for hardware debugging, making them unsuitable for web application vulnerability scanning.