SY0-501 Question #314: Real Exam Question with Answer & Explanation
The correct answer is C: On the application server. In a web-based client-server application, input validation should primarily be performed on the application server to ensure security and data integrity.
Question
When designing a web-based client-server application with a single application server and a database cluster backend, input validation should be performed:
Options
- A. On the client
- B. Using database stored procedures
- C. On the application server
- D. Using HTTPS
Explanation
In a web-based client-server application, input validation should primarily be performed on the application server to ensure security and data integrity.
Common mistakes.
- A. Client-side validation enhances user experience but is easily bypassed by malicious users, making it insufficient for security purposes.
- B. While database stored procedures can enforce some data integrity, relying solely on them means invalid or malicious data might still reach the application server and its logic, potentially causing vulnerabilities or errors before database-level checks occur.
- D. HTTPS encrypts communication between the client and server and verifies data integrity during transit, but it does not perform validation on the actual content or format of the input data itself.
Concept tested. Web application security: server-side input validation
Reference. https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html