A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what software design flaw?

A. Insufficient security management
B. Insufficient database hardening
C. Insufficient input validation
D. Insufficient exception handling

C.
Answer B. Removing or disabling the standard usernames/passwords is a form of hardening the system.
C
B
So is it C and B? And why?
C or B *
It is not C. Input Validation has to do with making sure only certain characters and symbols are accepted in the “Username” or “Password” fields. It is “Validating your input”. Otherwise you could input SQL commands and such (SQL Injection)
B is correct. Hardening a system deals with setting general security such as disabling guest accounts and removing default usernames/passwords.
If the question said they got in using SQL Injection, then the answer would be C.
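
The distinction drawn in the comment above, as an added example that is not part of the original thread: a default login passes input validation because its characters are well-formed, while a hardening audit of the account store flags it. The default-credential list, the account table and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample list of default credential pairs (assumption).
DEFAULT_CREDENTIALS = [("admin", "admin"), ("admin", "password"),
                       ("guest", "guest"), ("root", "toor")]
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def input_is_valid(username, password):
    """Input validation (option C): checks only the shape of the input."""
    return (bool(USERNAME_RE.fullmatch(username))
            and 1 <= len(password) <= 128 and password.isprintable())

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(username, password, enabled=True):
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "hash": hash_password(password, salt), "enabled": enabled}

def audit_default_credentials(accounts):
    """Hardening check (option B): enabled accounts still using a default pair."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # a disabled default account cannot be logged in to
        for user, pwd in DEFAULT_CREDENTIALS:
            if acct["username"] == user and hmac.compare_digest(
                    hash_password(pwd, acct["salt"]), acct["hash"]):
                findings.append(acct["username"])
                break
    return findings

# Constructed account table: one live default, one disabled default, one normal user.
ACCOUNTS = [
    make_account("admin", "admin"),
    make_account("guest", "guest", enabled=False),
    make_account("alice", "correct horse battery staple"),
]

if __name__ == "__main__":
    print("admin/admin passes validation:", input_is_valid("admin", "admin"))
    print("injection-style username passes:", input_is_valid("' OR 1=1 --", "x"))
    print("accounts to harden:", audit_default_credentials(ACCOUNTS))
```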