CompTIA CySA+ CS0-003 Practice Question
During a routine security review of a web application, analysts discover a vulnerability that allows attackers to inject harmful scripts into comment fields, which are then stored and executed on other users' browsers when the comments are displayed. What is the BEST mitigation strategy to address this specific security issue?
Install a Web Application Firewall (WAF) with default XSS protection settings.
Enforce output encoding for all user-generated content displayed on the web application.
Rely solely on input validation for all user-generated content to prevent malicious input.
Use a Content Security Policy (CSP) to prevent the execution of unauthorized scripts.