Which of the following can be mitigated with proper secure coding techniques?
A.
Input validation
B.
Error handling
C.
Header manipulation
D.
Cross-site scripting
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
D.
1
0
Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.
Error handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system, and should include error and exception handling.
A header manipulation attack uses other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access. When used with XSRF, the attacker can even change a user’s cookie.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.
Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access- privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. The best protection against cross-site scripting is to disable the running of scripts (and browser profiles).
0
0
In my opinion, all 4 choices are NOT BEST answer. The best answer is mitigate injection attack. For example: Secure SQL code to prevent SQL injection attack.
The author chooses choice A, it is definitely wrong because “input validation” is not something going to be mitigated. It is a technique against input attacks.
If I must pick one answer out from the four, I would pick D. It is because coding is somewhat related to scripting.
Feel free to share if you have a better idea. Thanks
1
0
Input validation and Error handling are things that are done to make us less vulnerable to attack–they are mitigations. The two attacks are header manipulation and XSS. If we use security coding techniques, we should be able to shut down most XSS activities. Whereas a case can be made for header manipulation as well, that is less dependent upon the actual coding of the various applications. D is the winner.
1
0
I was thinking D as well. Thanks guys!
1
0
With input validation in place you can use fuzzing!
I think A is the correct answer!
0
1
Sorry, “use” should be “avoid”
1
0