During a security assessment of a newly developed web application, you need to simulate multiple attack vectors, such as SQL injection and XSS, to observe how the application responds in real time. According to the Open Source Security Testing Methodology Manual (OSSTMM), in which phase do these active tests occur?
OSSTMM divides an engagement into four phases. Induction sets scope and logistics. Interaction is the only phase where testers actively probe the target: running scans, exploiting weaknesses, and otherwise emulating real attackers. The findings gathered here feed the Inquiry phase, which focuses on analysis, while the Intervention phase covers reporting and recommending controls. Because simulating SQL injection, XSS, or other exploits is active testing, it belongs in the Interaction phase.