Question 4 (20 points) Approximately 20 mins
Scenario 4
A company is concerned about the security of its new web application and brings you in as a cybersecurity consultant to advise on how to check the application for security issues. The application allows users to log in and, depending on their level of access, carry out different functions on the site. The CEO wants the testing to be quick.
Question 4.1 (10 points)
What type of testing would you do? What would you need to agree with the company CEO before starting the testing? What tools could you use?
Question 4.2 (10 points)
[1] (3 points) If you were to concentrate on a set of vulnerabilities, which set would that be and why?
[2] (3 points) Give 3 examples of vulnerabilities from that set.
[3] (4 points) What advice could you give the CEO about implementing controls to reduce the risk to the web application?