nerdexam
Exams312-50V9Questions#475
EC-Council

312-50V9 · Question #475

312-50V9 Question #475: Real Exam Question with Answer & Explanation

The correct answer is C: Validate web content input for type, length, and range.. Validating input for type, length, and range is the most effective technique for blocking malicious data before it can exploit application vulnerabilities.

Question

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input?

Options

  • AValidate web content input for query strings.
  • BValidate web content input with scanning tools.
  • CValidate web content input for type, length, and range.
  • DValidate web content input for extraneous queries.

Explanation

Validating input for type, length, and range is the most effective technique for blocking malicious data before it can exploit application vulnerabilities.

Common mistakes.

  • A. Validating only query strings is too narrow and ignores other input vectors such as form fields, headers, and cookies that attackers routinely exploit.
  • B. Scanning tools are used for vulnerability assessment, not real-time runtime input restriction during application processing.
  • D. Validating for 'extraneous queries' is vague and does not represent a recognized, structured validation methodology that systematically blocks malicious input.

Concept tested. Web application input validation techniques

Reference. https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V9 Practice