nerdexam
EC-Council

312-50V10 · Question #561

An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering informa

The correct answer is A. Insufficient input validation. The most common web application security weakness is the failure to properly validate input coming from the client or from the environment before using it. This weakness leads to almost all of the major vulnerabilities in web applications, such as cross site scripting, SQL inject

SQL Injection

Question

An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

Options

  • AInsufficient input validation
  • BInsufficient exception handling
  • CInsufficient database hardening
  • DInsufficient security management

How the community answered

(29 responses)
  • A
    90% (26)
  • B
    3% (1)
  • C
    7% (2)

Explanation

The most common web application security weakness is the failure to properly validate input coming from the client or from the environment before using it. This weakness leads to almost all of the major vulnerabilities in web applications, such as cross site scripting, SQL injection, interpreter injection, locale/ Unicode attacks, file system attacks, and buffer overflows.

Topics

#SQL injection#input validation#web application security#database exposure

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice