A security controls assessor intends to perform a holistic configuration compliance test of networked assets.
The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: “<object object_ref=… />” and “<state state_ref=… />”.
Which of the following tools BEST supports the use of these definitions?
A . HTTP interceptor
B . Static code analyzer
C . SCAP scanner
D . XML fuzzer
Answer: D