An online banking application has had its source code updated and is soon to be re-launched. The
underlying infrastructure has not been changed. In order to ensure that the application has an
appropriate security posture, several security-related activities are required.
Which of the following security activities should be performed to provide an appropriate level of
security testing coverage? (Select TWO).
A.
Penetration test across the application with accounts of varying access levels (i.e. nonauthenticated, authenticated, and administrative users).
B.
Code review across critical modules to ensure that security defects, Trojans, and backdoors are
not present.
C.
Vulnerability assessment across all of the online banking servers to ascertain host and
container configuration lock-down and patch levels.
D.
Fingerprinting across all of the online banking servers to ascertain open ports and services.
E.
Black box code review across the entire code base to ensure that there are no security defects
present.