An online banking application has had its source code updated and is soon to be re-launched. The underlying infrastructure has not been changed. In order to ensure that the application has an appropriate security posture, several security-related activities are required.
Which of the following security activities should be performed to provide an appropriate level of security testing coverage? (Select TWO).
A . Penetration test across the application with accounts of varying access levels (i.e. non-authenticated, authenticated, and administrative users).
B . Code review across critical modules to ensure that security defects, Trojans, and backdoors are not present.
C . Vulnerability assessment across all of the online banking servers to ascertain host and container configuration lock-down and patch levels.
D . Fingerprinting across all of the online banking servers to ascertain open ports and services.
E . Black box code review across the entire code base to ensure that there are no security defects present.
Answer: A,B
Leave a Reply