Free Preparation Discussions
MENU
CompTIA Exam CAS-004 Topic 1 Question 44 Discussion
Topic #: 1
A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltration a company report by visiting the following URL:
www.intranet.abc.com/get-files.jsp?file=report.pdf
Which of the following mitigation techniques would be BEST for the security engineer to recommend?
Input validation is a technique that checks the user input for any errors, malicious data, or unexpected values before processing it by the application. Input validation can prevent many common web application attacks, such as:
SQL injection, which exploits a vulnerability in the application's database query to execute malicious SQL commands.
Cross-site scripting (XSS), which injects malicious JavaScript code into the application's web page to execute on the client-side browser.
Directory traversal, which accesses files or directories outside of the intended scope by manipulating the file path.
In this case, the security engineer should recommend input validation as the best mitigation technique, because it would:
Prevent the exfiltration of a company report by validating the file parameter in the URL and ensuring that it matches a predefined list of allowed files or formats.
Enhance the security of the web application by filtering out any malicious or invalid input from users or attackers.
Be more effective and efficient than other techniques, such as firewall, WAF (Web Application Firewall), or DLP (Data Loss Prevention), which may not be able to detect or block all types of web application attacks.
Armando
5 days agoArlette
6 days agoMartina
7 days ago