Multiple Choice
A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability of the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)
A) Identify and eliminate inline SQL statements from the code.
B) Identify and eliminate dynamic SQL from stored procedures.
C) Identify and sanitize all user inputs.
D) Use a whitelist approach for SQL statements.
E) Use a blacklist approach for SQL statements.
F) Identify the source of malicious input and block the IP address.
Correct Answer:

Verified