PT0-002 Question #249: Real Exam Question with Answer & Explanation
The correct answer is D: Parameterized queries.
Question
A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server:

x' OR role LIKE '%admin%

Which of the following should be recommended to remediate this vulnerability?
Options
- A. Multifactor authentication
- B. Encrypted communications
- C. Secure software development life cycle
- D. Parameterized queries
Explanation
The best recommendation to remediate this vulnerability is to use parameterized queries in the web application. Parameterized queries prevent SQL injection by separating the SQL statement from the user input: the statement is sent to the database with placeholders, and the input is bound to those placeholders afterwards. The user input is therefore treated as a literal value and never as part of the SQL statement. For example, the string x' OR role LIKE '%admin% would be bound as a parameter to a prepared statement and compared against the column as a plain value, so the OR clause is never parsed as SQL and the query simply matches nothing in the database.
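As an added illustration (not part of the original question or its explanation), the following Python snippet uses sqlite3 with a constructed users table to run the report's payload against a string-concatenated query and against a parameterized one, and also shows how a legitimate name containing an apostrophe behaves in each:

```python
import sqlite3

# The injection string quoted in the red team report.
PAYLOAD = "x' OR role LIKE '%admin%"


def make_db():
    # Constructed sample data: one admin, one ordinary user, and one user
    # whose name legitimately contains a single quote.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn


def lookup_concat(conn, username):
    # Vulnerable pattern: the input is spliced into the SQL text, so a quote
    # in the input ends the string literal and the rest becomes SQL.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, username):
    # Remediated pattern: the statement carries a placeholder and the input
    # is bound separately, so it is compared as one literal value.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def concat_breaks_on_quote(conn, username):
    # The concatenated version also fails on honest input with a quote,
    # which is a useful hint in error logs that parameters are missing.
    try:
        lookup_concat(conn, username)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concat(db, PAYLOAD))   # admin row leaks
    print("parameterized:", lookup_param(db, PAYLOAD))   # nothing matches
    print("o'brien via params:", lookup_param(db, "o'brien"))
```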