A company hires a professional to perform penetration testing. The tester has identified and verified that one web application is vulnerable to SQL injection and cross-site scripting attacks. Which technical control measure should the tester recommend to the company?


  • process-level remediation
  • role-based access control (RBAC)
  • multifactor authentication
  • user input sanitization

Explanation: Parameterized queries are the best way to prevent SQL injection. Following input validation best practices (sanitizing user input) is recommended to mitigate and prevent vulnerabilities such as cross-site scripting, cross-site request forgery, SQL injection, command injection, XML external entities, and other vulnerabilities.

Exam with this question: Ethical Hacker: Course Final Exam Answers
