There is reason to believe that a recently modified web application has allowed unauthorized
access. Which is the BEST way to identify an application backdoor?
A.
Black box pen test
B.
Security audit
C.
Source code review
D.
Vulnerability scan
Explanation:
Source code review is the best way to find and remove an application backdoor. Application
backdoors can be almost impossible to identify’ using a black box pen test or a security audit. A
vulnerability scan will only find “known” vulnerability patterns and will therefore not find a
programmer’s application backdoor.