During a web application penetration test, your team adopts the OWASP Web Security Testing Guide (WSTG) to structure the assessment. According to the guide's stated objective, which primary activity should the team emphasize to remain aligned with WSTG methodology?
Automate operating-system patch deployment across hosting servers
Fine-tune database queries to improve page-load performance
Actively identify, exploit, and document vulnerabilities in the web application
Collect real-time network flow data to detect intrusion attempts
The OWASP WSTG is designed to help testers actively identify, exploit when appropriate, and document vulnerabilities in web applications so that stakeholders can understand risk and implement remediation. It does not focus on continuous network monitoring, database performance tuning, or automating server patching; those tasks fall under other disciplines such as network security operations, performance engineering, and systems administration.