A security analyst is asked to identify vulnerabilities in a web application without attempting to exploit them. Which type of assessment is being performed?
Trap 1: Security review
Security review is an informal evaluation.
Trap 2: Security audit
Security audit compares controls to a standard.
Trap 3: Penetration test
Penetration testing involves exploitation.
- A: Security review
  Why wrong: Security review is an informal evaluation.
- B: Vulnerability assessment
  Vulnerability assessment identifies vulnerabilities without exploitation.
- C: Security audit
  Why wrong: Security audit compares controls to a standard.
- D: Penetration test
  Why wrong: Penetration testing involves exploitation.