Which of the following, used in the development of your software, is the best defense against session hijacking and man-in-the-middle (MITM) attacks?

A. Unique and random identification
B. Use prepared statements and procedures
C. Database views
D. Encryption
Explanation:
A: The use of non-predictable (randomized) and unique identifiers to identify sessions between two communicating parties is the best defense against session hijacking and man-in-the-middle attacks. Encryption provides disclosure protection. Prepared statements or procedures at the database layer reduce the likelihood of injection attacks. A database view is a preventive security control measure against disclosure attacks. Page 256.
I don’t agree with A.