A junior technician in an organization's IT department runs a penetration test on a corporate web application. During testing, the technician discovers that the application can disclose a SQL table with all user account and password information. How should the technician notify management?

A. Document the findings with an executive summary, recommendations, and screenshots of the web application disclosure.
B. Connect to the SQL server using this information and change the password to one or two non-critical accounts to demonstrate a proof-of-concept to management.
C. Notify the development team of the discovery and suggest that input validation be implemented with a professional penetration testing company.
D. Request that management create an RFP to begin a formal engagement with a professional penetration testing company.

1 Answer


Final answer:

The junior technician should document the findings and notify management through a detailed report with screenshots of the web application disclosure. Connecting to the SQL server and changing passwords is not recommended.

Step-by-step explanation:

The junior technician should notify management by documenting the findings with an executive summary, recommendations, and screenshots of the web application disclosure. This provides clear evidence of the vulnerability and communicates the seriousness of the issue. It is important to inform management through a professional and detailed report to ensure they understand the potential risks and can take appropriate actions.

Connecting to the SQL server and changing passwords is not recommended as it can be seen as unauthorized and unethical access. Instead, the focus should be on reporting the issue to management so they can address it properly. Notifying the development team of the discovery and suggesting input validation is a good step, but the technician should ultimately inform management to ensure the vulnerability is addressed on a broader scale. Requesting management to create an RFP to engage with a professional penetration testing company can be an additional step to enhance security measures and protect the organization's data.

Answered by Siddharth Bhat