CAS-005 Question #339: Real Exam Question with Answer & Explanation
The correct answer is B: Input validation in the first two lines of code.
Question
A programmer is reviewing the following proprietary piece of code, which was identified as a vulnerability because users are authenticated even when they provide incorrect credentials. Which of the following should the programmer implement to remediate the code vulnerability?
Options
- A. Salted hashing via the proprietary function
- B. Input validation in the first two lines of code
- C. Atomic execution of subroutines
- D. TOCTOU remediation in SET USERACL
- E. Database connection over encrypted channels
Explanation
The code vulnerability stems from improper handling of user input in the authentication process. In the first two lines, the code retrieves the USERID and PASS inputs, but there is no validation or sanitization of these inputs before they are processed. By implementing input validation in these initial lines of code, the programmer can ensure that only properly formatted and expected data is passed into the authentication logic. This prevents malicious input, such as SQL injection or other forms of manipulation, that could allow incorrect credentials to be accepted. Input validation ensures that the inputs meet specific criteria (e.g., expected length and character set), which mitigates the risk of such vulnerabilities.