CISSP · Question #723
A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application Is less susceptible to injection attacks sp
The correct answer is B. Whitelist input and encode or escape output before it is processed for rendering.. To mitigate injection attacks (such as SQL injection, cross-site scripting (XSS), and other similar attacks), it is crucial to properly handle user input and ensure that data is appropriately sanitized before being used in any execution context. The best strategy involves both in
Question
A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application Is less susceptible to injection attacks specifically. What strategy will work BEST for the organization's situation?
Options
- ADo not store sensitive unencrypted data on the back end.
- BWhitelist input and encode or escape output before it is processed for rendering.
- CLimit privileged access or hard-coding logon credentials,
- DStore sensitive data in a buffer that retains data in operating system (OS) cache or memory.
How the community answered
(41 responses)- A5% (2)
- B83% (34)
- C2% (1)
- D10% (4)
Explanation
To mitigate injection attacks (such as SQL injection, cross-site scripting (XSS), and other similar attacks), it is crucial to properly handle user input and ensure that data is appropriately sanitized before being used in any execution context. The best strategy involves both input validation and output encoding/escaping to prevent malicious input from being executed.
Topics
Community Discussion
No community discussion yet for this question.