CCSP Question #282: Real Exam Question with Answer & Explanation
The correct answer is C: Input validation/bounds checking.
Question
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes "injection." In most cases, what is the method for reducing the risk of an injection attack?
Options
- A. User training
- B. Hardening the OS
- C. Input validation/bounds checking
- D. Physical locks
Explanation
Injection attacks, such as SQL injection or command injection, exploit applications that process untrusted input without proper validation; therefore, input validation and bounds checking are the primary defenses.
Common mistakes:
- A. User training helps prevent social engineering but does not directly protect against technical injection vulnerabilities in applications.
- B. Hardening the operating system improves overall system security but does not directly prevent vulnerabilities in application code that lead to injection attacks.
- D. Physical locks protect hardware and facilities and are entirely unrelated to software-based injection vulnerabilities.
Concept tested: Preventing injection attacks
Reference: https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2013/