nerdexam
CompTIA

PT0-002 · Question #309

PT0-002 Question #309: Real Exam Question with Answer & Explanation

The correct answer is D: Sanitize and validate all input within the web application to prevent internal resources from being.

Attacks and Exploits

Question

A penetration tester uncovered a flaw in an online banking web application that allows arbitrary requests to other internal network assets through a server-side request forgery. Which of the following would BEST reduce the risk of attack?

Options

  • A. Implement multifactor authentication on the web application to prevent unauthorized access of the
  • B. Configure a secret management solution to ensure attackers are not able to gain access to
  • C. Ensure a patch management system is in place to ensure the web server system is hardened.
  • D. Sanitize and validate all input within the web application to prevent internal resources from being
  • E. Ensure that enhanced logging is enabled on the web application to detect the attack.

Explanation

Server-side request forgery occurs when an attacker can manipulate a web application to send a request on behalf of the application to an internal network asset. By sanitizing and validating all input within the web application, the application can prevent an attacker from injecting malicious code or requests that could result in unauthorized access to internal resources.
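One way to apply the validation in answer D to a URL the application fetches on a user's behalf, as an added example that is not part of the original page. The allowlisted hostnames, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hypothetical allowlist of external hosts the application may fetch from.
ALLOWED_HOSTS = {"rates.example.com", "cdn.example.com"}


def system_resolver(host):
    """Resolve a hostname to a sorted list of IP strings via the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal(ip_text):
    """True for any address that is not publicly routable unicast."""
    ip = ipaddress.ip_address(ip_text)
    mapped = getattr(ip, "ipv4_mapped", None)  # unwrap ::ffff:a.b.c.d
    if mapped is not None:
        ip = mapped
    # is_global is False for private, loopback, link-local and reserved ranges.
    return (not ip.is_global) or ip.is_multicast


def validate_outbound_url(url, resolver=system_resolver, allowed_hosts=ALLOWED_HOSTS):
    """Return (host, port, vetted_ips) for an acceptable URL, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")
    # Reject user@host forms, which can disguise the real destination.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in allowed_hosts:
        raise ValueError("host not on allowlist")
    # An allowlisted name can still point at an internal address, so check
    # every address it resolves to.
    ips = resolver(host)
    if not ips or any(is_internal(ip) for ip in ips):
        raise ValueError("host resolves to an internal address")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return host, port, ips
```

The caller should connect to one of the returned addresses instead of resolving the hostname again, so that the address that was checked is the address that receives the request.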

Topics

#Server-Side Request Forgery (SSRF) #Input Validation #Web Application Security #Vulnerability Mitigation
