SY0-501 Question #47: Real Exam Question with Answer & Explanation
The correct answer is C: Server side validation. The application's susceptibility to a SQL injection attack, despite client-side restrictions, indicates a failure to implement robust server-side input validation.
Question
Although a web-enabled application appears to only allow letters in the comment field of a web form, a malicious user was able to carry out a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement?
Options
- A. Revision control system
- B. Client side exception handling
- C. Server side validation
- D. Server hardening
Explanation
Client-side restrictions (such as a letters-only check enforced in the browser) only shape what a well-behaved browser sends; anyone can craft a request directly and submit arbitrary characters. The server therefore has to validate every input itself before using it in a query. The fact that special characters reached the database and produced a SQL injection shows that this server-side validation was missing.
Common mistakes
- A. A revision control system is used for managing changes to source code and documentation, not for implementing application-level security controls like input validation to prevent SQL injection.
- B. Client-side exception handling deals with errors that occur within the user's browser and does not prevent malicious input from being sent to or processed by the server, as client-side controls can be circumvented.
- D. Server hardening focuses on securing the operating system, network services, and infrastructure components of a server, but it does not directly address application-level vulnerabilities related to improper input validation within the web application code.
Concept tested: Server-side input validation for injection prevention