350-401 Question #1181: Real Exam Question with Answer & Explanation

The correct answer is C: Validate, filter, and sanitize all incoming data. To prevent API injection attacks, all incoming data must be thoroughly validated, filtered, and sanitized to neutralize malicious input before it can be processed.

Submitted by haru.x · Mar 6, 2026 · Security

Question

Which security actions must be implemented to prevent an API injection attack?

Options

  • A. Log and monitor failed attempts.
  • B. Use password hash with biometric authentication.
  • C. Validate, filter, and sanitize all incoming data.
  • D. Use short-lived access tokens and authenticate the apps.

Explanation

To prevent API injection attacks, all incoming data must be thoroughly validated, filtered, and sanitized to neutralize malicious input before it can be processed.

Common mistakes.

  • A. Logging and monitoring failed attempts are crucial for detection, forensics, and incident response, but they do not actively prevent the initial injection attack from occurring.
  • B. Using password hashes and biometric authentication strengthens authentication and protects against credential theft, but these measures do not directly prevent injection attacks once an authenticated session is established.
  • D. Short-lived access tokens and authenticating applications improve authorization security and limit the window for token misuse, but they do not stop malicious data from being injected into API calls if the application is vulnerable to input processing flaws.

Concept tested. API injection prevention methods

Reference. https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/01_2017-Injection

Topics

#API injection · #Input validation · #Data sanitization · #API security
