A cybersecurity analyst is tasked with implementing a control to mitigate a recently discovered buffer-overflow vulnerability in a critical application. Which of the following is the BEST control to implement to address this vulnerability directly?
Installing a web application firewall (WAF) to monitor incoming traffic and block potential attacks.
Increasing the size of buffers within the application to accommodate larger amounts of data.
Creating backups of application data so it can be restored in the event of corruption.
Input validation to control the amount and type of data accepted by the application.
A buffer-overflow vulnerability occurs when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory and allowing arbitrary code execution. Implementing proper input validation is the best direct control because it strictly enforces length, type, and format requirements on incoming data, preventing oversized or malformed input that could trigger the overflow. Backups protect data but do not stop exploitation, enlarging buffers merely shifts the limit without enforcing safety, and a web application firewall can help detect attacks but does not remove the underlying flaw.