A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and password information.
Which of the following is the MOST effective way to notify management of this finding and its importance?
A . Document the findings with an executive summary, recommendations, and screenshots of the web application disclosure.
B . Connect to the SQL server using this information and change the password to one or two noncritical accounts to demonstrate a proof–of-concept to management.
C . Notify the development team of the discovery and suggest that input validation be implemented with a professional penetration testing company.
D . Request that management create an RFP to begin a formal engagement with a professional penetration testing company.
Answer: A
Leave a Reply