A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?
A . Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data. Attempt to exploit via the proof-of-concept code. Consider remediation options.
B . Hire an independent security consulting agency to perform a penetration test of the web servers. Advise management of any ‘high’ or ‘critical’ penetration test findings and put forward recommendations for mitigation.
C . Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software.
D . Notify all customers about the threat to their hosted data. Bring the web servers down into “maintenance mode” until the vulnerability can be reliably mitigated through a vendor patch.
Answer: A
Leave a Reply