Which two actions would you perform to address this vulnerability?

During a security audit, it is noted that your application is vulnerable to SQL Injection attacks.
Which two actions would you perform to address this vulnerability?

A. Use parameterized stored procedures with the embedded parameters.

B. Add a text input validation filter to check user-supplied data.

C. Configure user permissions in the deployment descriptor.

D. Configure security roles in the deployment descriptor.

E. Deploy the Internet-facing nodes in a well-defined demilitarized zone (DMZ) layer.

F. Use parameterized stored procedures with the principle of least privilege.




DonkeyNuts

Wrong. I wouldn’t say D. A, B, C, and F are possible.

I would say B and F

JEEEnthusiastic

AB

Ashishkumar

I would say ABF..

Ashish

BF correct

Ashishkumar

As per SQL Injection Prevention Cheat Sheet provided by OWASP,

Primary Defenses:

Option 1: Use of Prepared Statements (with Parameterized Queries)
Option 2: Use of Stored Procedures
Option 3: White List Input Validation
Option 4: Escaping All User Supplied Input

Ref : https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

Hence I would say ABF
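
The parameterized-query and input-validation defenses from the OWASP list quoted above, shown beside the concatenated query they replace. This is an added example, not part of the original question or of any commenter's post; it uses Python's built-in `sqlite3` as a stand-in database, and the `users` table, the function names and the sample input are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_concat(conn, name):
    # Vulnerable 'before': user input is spliced into the SQL text,
    # so quote characters in the input become part of the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_param(conn, name):
    # Parameterized query: the input is bound as data and is never
    # parsed as SQL, whatever characters it contains.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

# Allow-list for the expected shape of a user name (an assumption).
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_name(name):
    # Input validation filter: reject anything outside the allow-list
    # before it reaches the data layer.
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    return name

def lookup_safe(conn, name):
    # Both defenses layered: validate first, then bind as a parameter.
    return lookup_param(conn, validate_name(name))

if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing quotes
    print("concatenated: ", lookup_concat(conn, hostile))
    print("parameterized:", lookup_param(conn, hostile))
    print("valid name:   ", lookup_safe(conn, "bob"))
```

SQLite has neither stored procedures nor per-user grants, so the least-privilege part of option F is not modeled here.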