Exam CFR-310
Question 14

After a security breach, a security consultant is hired to perform a vulnerability assessment for a company’s web application. Which of the following tools would the consultant use?

    Correct Answer: A

    Nikto is a free and open-source web vulnerability scanner. It performs comprehensive tests against web servers for a variety of items including dangerous files, outdated server software, and potential vulnerabilities. It is specifically designed for web application security testing and vulnerability assessment, making it the most suitable tool for the consultant's task.

Discussion
surfuganda (Option: A)

Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple items, including dangerous files, outdated server software, and potential vulnerabilities. It is specifically designed for web application security testing and vulnerability assessment, making it a suitable tool for the consultant's task.

Kismet is primarily used for detecting and analyzing wireless networks and is not designed for web application vulnerability assessment.

tcpdump is used to inspect network traffic; it is not specifically designed for web application vulnerability assessment.

Hydra is a password-cracking tool that can perform brute-force attacks against various network services, such as FTP, SSH, Telnet, and HTTP. It is not designed for web application vulnerability assessment.

Wutan (Option: A)

The answer is A, Nikto. Nikto is a free and open-source web vulnerability scanner. It can be used to scan web applications for known vulnerabilities. Nikto can scan for a wide variety of vulnerabilities, including cross-site scripting (XSS), SQL injection, and file upload vulnerabilities.