The rule of never inserting untrusted data except in allowed locations can be used to mitigate which of the following attacks? (Select two answers.)
a. Buffer overflow
b. Cross-site request forgery (XSRF)
c. Cross-Site Scripting (XSS)
d. Input validation error
Answer: A & D.
A buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions, and input validation errors are a result of improper field checking in the code. Answer B is incorrect because cross-site request forgery (XSRF) is an attack in which the end user executes unwanted actions on a web application while they are currently authenticated. Answer C is incorrect because cross-site scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause a user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A.