Which testing approach focuses on finding vulnerabilities by testing a running application from outside with no internal access?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which testing approach focuses on finding vulnerabilities by testing a running application from outside with no internal access?

Explanation:
Testing a running application from outside with no internal access focuses on evaluating the live surface of the app as it’s deployed. Dynamic Application Security Testing (DAST) is built for this scenario: it interacts with the running application over the network, without access to the source code or internal systems, to uncover vulnerabilities that appear during real operation. By sending crafted inputs, probing input validation, authentication, session handling, and misconfigurations, DAST reveals how the application behaves under attack-like conditions and what it leaks through its external interfaces.

Static Analysis, in contrast, examines code or binaries without executing the program, looking for potential issues in the source or compiled form rather than runtime behavior. White-box Testing involves full internal access, including source code and internal design details, to assess internal logic and hidden paths. Gray-box Testing provides partial internal knowledge or access. These approaches aren’t about testing a live external instance from outside in the same way that DAST is.
