A cybersecurity analyst discovers that a company's web application does not properly sanitize user input which could allow an attacker to execute unauthorized commands or access data. Which of the following mitigation techniques should the analyst recommend to address this specific software vulnerability?
Using parameterized queries to prevent malicious input from being executed as part of SQL commands
Employing encrypted channels for all data transmissions to the web application
Applying input length restrictions to limit the amount of data accepted by the web application
Implementing role-based access control to prevent unauthorized command execution
Parameterized queries are a technical control that can help prevent injection flaws by separating SQL code from data. This makes it harder for an attacker to inject malicious input that could alter the execution of a SQL query. Using encrypted channels addresses the confidentiality and integrity of the data in transit, but not the injection vulnerability itself. Input length restrictions can prevent buffer overflow attacks but would not necessarily prevent injection attacks. Role-based access control is a good practice for limiting user permissions based on their role, but it does not directly mitigate the vulnerability of unsanitized user input.