A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?
A) Document the findings with an executive summary, recommendations, and screenshots of the web application disclosure.
B) Connect to the SQL server using this information and change the password to one or two non-critical accounts to demonstrate a proof--of-concept to management.
C) Notify the development team of the discovery and suggest that input validation be implemented with a professional penetration testing company.
D) Request that management create an RFP to begin a formal engagement with a professional penetration testing company.
Correct Answer:
Verified
Q36: A software developer wants to test the
Q37: During testing, a critical vulnerability is discovered
Q38: A security guard observes an individual entering
Q39: A penetration tester is scanning a network
Q40: A penetration tester has successfully deployed an
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents