Never inserting untrusted data except in allowed locations can be used to mitigate which of the following attacks? (Select two answers.)

Never inserting untrusted data except in allowed locations can be used to mitigate which of the following attacks? (Select two answers.)

Never inserting untrusted data except in allowed locations can be used to mitigate which of the following attacks? (Select two answers.)




a. Buffer overflow
b. Cross-site request forgery (XSRF)
c. Cross-Site Scripting (XSS)
d. Input validation error



Answer: A & D.

A buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions, and input validation errors are a result of improper field checking in the code. Answer B is incorrect because Cross-site request forgery (XSRF) is an attack in which the end user executes unwanted actions on a web application while they are currently authenticated. Answer C is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A.


Learn More :