When conducting an application-based penetration test on a web application, the assessment should also include testing access to which resources?
- AAA servers
- cloud services
- switches, routers, and firewalls
- back-end databases
|
Explanation & Hints: The application-based penetration test focuses on testing for security weaknesses in enterprise applications. These weaknesses can include but are not limited to misconfigurations, input validation issues, injection issues, and logic flaws. Because a web application is typically built on a web server with a back-end database, the testing scope also normally includes the database. |