An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?
A. Insufficient input validation
B. Insufficient exception handling
C. Insufficient database hardening
D. Insufficient security management
The most common web application security weakness is the failure to properly validate input coming from the client or from the environment before using it. This weakness leads to almost all of the major vulnerabilities in web applications, such as cross-site scripting, SQL injection, interpreter injection, locale/Unicode attacks, file system attacks, and buffer overflows.