adplus-dvertising
frame-decoration

Question

What is the recommended defense against injection vulnerabilities?

a.

Multifactor authentication

b.

Rigorous input validation

c.

Directory traversal

d.

Biometric controls

Answer: (b).Rigorous input validation Explanation:The best defense against injection vulnerabilities is to perform rigorous input validation on user-supplied input.

Engage with the Community - Add Your Comment

Confused About the Answer? Ask for Details Here.

Know the Explanation? Add it Here.

Q. What is the recommended defense against injection vulnerabilities?

Similar Questions

Discover Related MCQs

Q. How do multifactor techniques strengthen authentication systems?

Q. What is the risk associated with insecure direct object references?

Q. How should authentication cookies be transmitted for security?

Q. What is the goal of directory traversal attacks?

Q. What do cross-site scripting (XSS) attacks inject into legitimate websites?

Q. How do cross-site request forgery (CSRF) attacks exploit user behavior?

Q. What is the distinction between static and dynamic application security testing tools?

Q. Which one of the following approaches, when feasible, is the most effective way to defeat injection attacks?

Q. Examine the following network diagram. What is the most appropriate location for a web application firewall (WAF) on this network?

Q. Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting?

Q. Which one of the following function calls is closely associated with Linux command injection attacks?

Q. Tina is conducting a penetration test and is trying to gain access to a user account. Which of the following is a good source for obtaining user account credentials?

Q. What type of credential used in Kerberos is often referred to as the “golden ticket” because of its potential for widespread reuse?

Q. Wendy is a penetration tester who wishes to engage in a session hijacking attack. What information is crucial for Wendy to obtain to ensure that her attack will be successful?

Q. Sherry is concerned that a web application in her organization supports unvalidated redirects. Which one of the following approaches would minimize the risk of this attack?

Q. Joe checks his web server logs and sees that someone sent the following query string to an application running on the server:
http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892' ; DROP TABLE Services;--

What type of attack was most likely attempted?

Q. Upon further inspection, Joe finds a series of thousands of requests to the same URL coming from a single IP address. Here are a few examples:

http://www.mycompany.com/servicestatus.php?serviceID=1
http://www.mycompany.com/servicestatus.php?serviceID=2
http://www.mycompany.com/servicestatus.php?serviceID=3
http://www.mycompany.com/servicestatus.php?serviceID=4
http://www.mycompany.com/servicestatus.php?serviceID=5
http://www.mycompany.com/servicestatus.php?serviceID=6

What type of vulnerability was the attacker likely trying to exploit?

Q. Joe’s adventures in web server log analysis are not yet complete. As he continues to review the logs, he finds the request:

http://www.mycompany.com/../../../etc/passwd

What type of attack was most likely attempted?

Q. What type of attack depends on the fact that users are often logged into many websites simultaneously in the same browser?

Q. What type of cross-site scripting attack would not be visible to a security professional inspecting the HTML source code in a browser?