While performing data validation of web content, a security technician is required to restrict malicious input.
Which of the following processes is an efficient way of restricting malicious input?
A. Validate web content input for query strings.
B. Validate web content input with scanning tools.
C. Validate web content input for type, length, and range.
D. Validate web content input for extraneous queries.
wronguser’ and 1=1; SELECT 1#
Length is good for avoiding buffer overflows.
A filter is a good band-aid.
Static analysis is the best place to start for comprehensive detection of flaws. Any undeclared or sanitized input could be injectable.
Any input interpreted as a string is potentially vulnerable.