What is George preventing by changing the code?

After learning from an external auditor that his code was susceptible to attack, George decided to
rewrite some of his code to look like the following. What is George preventing by changing the
code?
public void doContent(…) {

    String s;
    if ((s = getUsernameByID("userid")) != null) {
        // HTML-encode the username before writing it into the response
        s = StringUtils.encodeToHTML(s, 50);
        response.write("<br>Applicant:<u>" + s + "</u>");
    }

}

A. Query string manipulation

B. XSS attack

C. Cookie poisoning

D. SQL injection

Explanation:


