BenchMark Quizzes by MDFT Pro

Identify the Correct Tool for Web Application Security Testing

You work for MDFT Academy, a well-known training agency. As part of a security audit, you need to identify potential security vulnerabilities in your customer-facing web application before deployment.

Which tool should you add to the build pipeline to perform automated security testing of your web application?

Choose the correct answer from the options below.

Explanations for each answer:

Jenkins is incorrect. Jenkins is a continuous integration server that helps automate the building, testing, and deployment of software. While it's a valuable DevOps tool, it doesn't specifically provide security vulnerability scanning capabilities for web applications.
SourceGear Vault is incorrect. SourceGear Vault is a version control system, similar to Git. It tracks changes to code but doesn't provide security vulnerability scanning for web applications.
Mend Bolt is incorrect. Mend Bolt (formerly WhiteSource Bolt) is primarily designed for detecting open source components and their vulnerabilities within your codebase. While it does identify security vulnerabilities in open source dependencies, it's not specialized in testing the security of your web application's own code and functionality.
OWASP ZAP is correct.

Learn more about OWASP ZAP security scanning in Azure DevOps:

OWASP ZAP

Exam Preparation Quiz

Identify the Correct Tool for Web Application Security Testing