CompTIA PenTest+ PT0-002 Practice Question
In a penetration testing engagement, you discover that a client's web application is improperly using data received from form submissions, leading to a high-risk vulnerability. In the final report, you advise on a defense mechanism that separates the input content from the database command. Which recommendation most effectively mitigates the identified risk?
Implement parameterized queries as this method prevents attacker-provided data from being treated as executable instructions.
Limit the number of characters in form text inputs to reduce the risk of hazardous commands being injected.
Enforce strict validation checks in the browser to ensure only clean data is submitted to the server.
Rely on the inherent security of stored procedures to handle any direct interaction with the database.
Escape all special characters in the form submission data to neutralize any malicious payloads.