Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

  • Session hijacking and XML injection
  • SQL injection
  • Cookies and attachments
  • Buffer overflow and XSS

CompTIA Security+ SY0-401
  • Network Security
  • Compliance and Operational Security
  • Threats and Vulnerabilities
    • This question is filed here
  • Application, Data and Host Security
  • Access Control and Identity Management
  • Cryptography