A company is concerned about the security of its web applications and wants to perform a comprehensive security assessment. They want to ensure their applications are free from common web vulnerabilities such as SQL injection, cross$-$site scripting $($XSS$),$ and CSRF$.$

Which of the following testing methodologies should the company use?

answer

Open Source Security Testing Methodology Manual

OWASP Testing Guide

Cyber kill chain

MITRE ATT&CK