CISSP Question #1434: Real Exam Question with Answer & Explanation

The correct answer is C: Ensuring that input validation is enforced.

Submitted by viktor_hu · Mar 5, 2026 · Software Development Security

Question

When developing an external facing web-based system, which of the following would be the MAIN focus of the security assessment prior to implementation and production?

Options

  • A. Assessing the Uniform Resource Locator (URL)
  • B. Ensuring Secure Sockets Layer (SSL) certificates are signed by a certificate authority
  • C. Ensuring that input validation is enforced
  • D. Ensuring Secure Sockets Layer (SSL) certificates are internally signed

Explanation

The main focus of the security assessment prior to implementation and production of an external facing web-based system is ensuring that input validation is enforced. Input validation is a security technique that checks and filters the data entered into the web-based system by users or other sources, to prevent malicious or invalid data from compromising the security or functionality of the system. Input validation can help to mitigate various web-based attacks, such as SQL injection, cross-site scripting, buffer overflow, or command injection, that exploit vulnerabilities in the input fields or parameters of the web-based system. It can be performed on both the client side and the server side, using techniques such as whitelisting, blacklisting, sanitizing, encoding, or escaping the input data. Input validation is a critical security measure for any web-based system, especially one that is external facing and exposed to the internet, where input data can come from untrusted or malicious sources.
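The server-side techniques listed in the explanation, shown as an added example that is not part of the original page: allow-list (whitelist) validation compared with a deny-list (blacklist), a parameterized query, and output encoding. The username policy, the `users` table and all sample inputs are constructed assumptions.

```python
import html
import re
import sqlite3

# Allow-list: state exactly what a valid username looks like (assumed policy).
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
# Deny-list: a few "known bad" tokens, kept only to compare the two approaches.
DENYLIST = ("'", "--", ";", "<script")

def allowlist_ok(value):
    """Accept only input that matches the expected format in full."""
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None

def denylist_ok(value):
    """Accept anything that does not contain a listed token."""
    return not any(tok in value.lower() for tok in DENYLIST)

def find_user(conn, username):
    """Server-side lookup: validate first, then bind the value as a parameter."""
    if not allowlist_ok(username):
        raise ValueError("invalid username")
    sql = "SELECT id, display_name FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()

def render_greeting(display_name):
    """Encode on output so stored data is never interpreted as markup."""
    return "<p>Hello, " + html.escape(display_name) + "</p>"

def demo_db():
    """Constructed in-memory table holding one constructed row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY,"
                 " username TEXT, display_name TEXT)")
    conn.execute("INSERT INTO users (username, display_name) VALUES (?, ?)",
                 ("alice_01", "Alice <Admin>"))
    return conn

# Constructed inputs: one valid name and three malformed values.
SAMPLES = ["alice_01", "alice'--", "<b>bob</b>", "alice_01\n"]

if __name__ == "__main__":
    db = demo_db()
    for s in SAMPLES:
        print(repr(s), "allow-list:", allowlist_ok(s),
              "deny-list:", denylist_ok(s))
    print(render_greeting(find_user(db, "alice_01")[1]))
```

The deny-list accepts two of the malformed samples because it can only reject what its author thought to list, while the allow-list rejects everything outside the stated format.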

Topics

#web application security · #input validation · #security assessment
