During a test, an examiner discovered that user input was concatenated into dynamic queries, allowing unexpected commands. Which recommendation best addresses the underlying cause of this design flaw?
Enforce policies to restrict administrative actions to specific groups
Apply checks and parameterizations to the portions of code that handle data
Implement strong protections on operating system accounts and services
Fit a detection platform to monitor malicious traffic
Incorporating input checks and parameterized queries prevents unexpected commands from being appended to the original query. This helps ensure that malicious code is never interpreted as valid instructions, unlike options that focus on detection or administrative controls. While measures like restricting user actions and installing monitoring tools assist with oversight, they do not directly eliminate the potential for unsafe input processing.