A penetration tester runs a vulnerability scan and identifies an outdated version of a web application running on the company’s server. The scan flags this as a medium-risk vulnerability. What is the best next step for the tester?
A. Ignore the vulnerability since it is only flagged as medium-risk
B. Brute-force the admin login page to gain unauthorized access
C. Perform a denial-of-service (DoS) attack to crash the web application
D. Research the vulnerability to check for any available patches or known exploits
CEH methodology emphasizes validating and researching identified vulnerabilities to determine exploitability, patch status, and business impact. Even medium-risk findings require investigation to assess their real severity.