CISM Certified Information Security Manager – Question0743

There is reason to believe that a recently modified web application has allowed unauthorized access. Which is the BEST way to identify an application backdoor?

A. Black box pen test
B. Security audit
C. Source code review
D. Vulnerability scan

Correct Answer: C

Explanation:
Source code review is the best way to find and remove an application backdoor. Application backdoors can be almost impossible to identify using a black box pen test or a security audit. A vulnerability scan will only find "known" vulnerability patterns and will therefore not find a programmer's application backdoor.