GIAC Certified Incident Handler (GCIH) — Question 199

You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

Answer options

• A. Manual penetration testing
• B. Code review
• C. Automated penetration testing
• D. Vulnerability scanning

Correct answer: D

Explanation

Vulnerability scanning is the most efficient method for detecting flaws in Web applications, as it can quickly assess a large number of systems and identify potential vulnerabilities. Manual and automated penetration testing, while effective, can be more time-consuming and may not cover all aspects as comprehensively as a vulnerability scanner. Code review, although useful for finding vulnerabilities in the source code, is not as effective for overall application security assessment compared to vulnerability scanning.