There is reason to believe that a recently modified web application has allowed unauthorized access. Which is
the BEST way to identify an application backdoor?

A.
Black box pen test

B.
Security audit

C.
Source code review

D.
Vulnerability scan

Explanation:

Source code review is the best way to find and remove an application backdoor. Application backdoors can be almost impossible to identify’ using a black box pen test or a security audit. A vulnerability scan will only find
“known” vulnerability patterns and will therefore not find a programmer’s application backdoor.