Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
A.
Analyze the malware to see what it does.
B.
Collect the proper evidence and then remove the malware.
C.
Do a root-cause analysis to find out how the malware got in.
D.
Remove the malware immediately.
E.
Stop the assessment and inform the emergency contact.
Stopping the assessment and informing the emergency contact is the best thing to do next after identifying that an application being tested has already been compromised with malware. This is because continuing the assessment might interfere with an ongoing investigation or compromise evidence collection. The emergency contact is the person designated by the client who should be notified in case of any critical issues or incidents during the penetration testing engagement.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit