nerdexam
(ISC)2

CISSP · Question #723

A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application Is less susceptible to injection attacks sp

The correct answer is B. Whitelist input and encode or escape output before it is processed for rendering.. To mitigate injection attacks (such as SQL injection, cross-site scripting (XSS), and other similar attacks), it is crucial to properly handle user input and ensure that data is appropriately sanitized before being used in any execution context. The best strategy involves both in

Submitted by stefanr· Mar 5, 2026Software Development Security

Question

A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application Is less susceptible to injection attacks specifically. What strategy will work BEST for the organization's situation?

Options

  • ADo not store sensitive unencrypted data on the back end.
  • BWhitelist input and encode or escape output before it is processed for rendering.
  • CLimit privileged access or hard-coding logon credentials,
  • DStore sensitive data in a buffer that retains data in operating system (OS) cache or memory.

How the community answered

(41 responses)
  • A
    5% (2)
  • B
    83% (34)
  • C
    2% (1)
  • D
    10% (4)

Explanation

To mitigate injection attacks (such as SQL injection, cross-site scripting (XSS), and other similar attacks), it is crucial to properly handle user input and ensure that data is appropriately sanitized before being used in any execution context. The best strategy involves both input validation and output encoding/escaping to prevent malicious input from being executed.

Topics

#injection attacks#input validation#output encoding#web application security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice