Eccouncil 312-96 Exam - Topic 9 Question 31 Discussion

Actual exam question for Eccouncil's 312-96 exam
Question #: 31
Topic #: 9

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer?

Suggested Answer: C

Lea
3 months ago
Nah, I think he was trying to use whitelisting.
upvoted 0 times
...
Leoma
3 months ago
Wow, I can't believe developers still make this mistake!
upvoted 0 times
...
Jacki
3 months ago
Isn't blacklisting input validation still a thing?
upvoted 0 times
...
Catrice
4 months ago
Totally agree, that's a big no-no!
upvoted 0 times
...
Dominque
4 months ago
Looks like he's using a non-parametrized SQL query.
upvoted 0 times
...
Carlee
4 months ago
I definitely remember that non-parametrized SQL queries are a big no-no, so maybe that's the mistake here.
upvoted 0 times
...
Oliva
4 months ago
I feel like the developer is making a mistake with input validation, but I can't recall if it's specifically blacklisting or whitelisting.
upvoted 0 times
...
Oretha
4 months ago
I remember practicing a question about input validation, and I think blacklisting is generally less secure than whitelisting.
upvoted 0 times
...
Idella
5 months ago
I think the mistake might be related to SQL queries, but I'm not sure if it's about parametrized or non-parametrized ones.
upvoted 0 times
...
Veronique
5 months ago
This seems straightforward. I'm confident I can identify the security mistake based on the information provided.
upvoted 0 times
...
Ngoc
5 months ago
Okay, I've got a strategy. I'll go through the options and eliminate the ones that don't match the code I'm seeing.
upvoted 0 times
...
Dalene
5 months ago
Ah, I think I see the issue here. Let me double-check my understanding before selecting the answer.
upvoted 0 times
...
Nana
5 months ago
I'm a bit confused by the code snippet. I'll need to review my notes on secure coding practices to figure this out.
upvoted 0 times
...
Antonette
5 months ago
Hmm, this looks like a tricky one. I'll need to carefully analyze the code to identify the security mistake.
upvoted 0 times
...
Barrett
10 months ago
I bet the developer is just trying to make the code 'edgy' by using Blacklisting. Gotta stay hip, you know? But security should come first, not fashion.
upvoted 0 times
...
Lorean
10 months ago
Seriously, who uses Non-parametrized SQL queries these days? The developer must be living in the stone age or something.
upvoted 0 times
Mable
9 months ago
C) He is trying to use Blacklisting Input Validation
upvoted 0 times
...
Willodean
9 months ago
B) He is trying to use Non-parametrized SQL query
upvoted 0 times
...
Skye
9 months ago
C) He is trying to use Blacklisting Input Validation
upvoted 0 times
...
Mari
9 months ago
B) He is trying to use Non-parametrized SQL query
upvoted 0 times
...
Xochitl
9 months ago
A) He is trying to use Whitelisting Input Validation
upvoted 0 times
...
Julio
10 months ago
A) He is trying to use Whitelisting Input Validation
upvoted 0 times
...
...
Daron
10 months ago
Ah, the old Whitelist vs. Blacklist debate. I'm with John on this one - Blacklisting is a recipe for disaster. Does the developer even know what they're doing?
upvoted 0 times
...
Dell
10 months ago
Parametrized SQL Query is the way to go, my friend. Gotta keep those nasty SQL injections at bay!
upvoted 0 times
Leslie
8 months ago
D) He is trying to use Parametrized SQL Query
upvoted 0 times
...
Earleen
8 months ago
C) He is trying to use Blacklisting Input Validation
upvoted 0 times
...
Ming
9 months ago
B) He is trying to use Non-parametrized SQL query
upvoted 0 times
...
Onita
9 months ago
A) He is trying to use Whitelisting Input Validation
upvoted 0 times
...
...
Howard
10 months ago
Looks like the developer is trying to use Blacklisting Input Validation, which is a big no-no. Can't believe they're still using that outdated technique!
upvoted 0 times
Quiana
10 months ago
Yes, Blacklisting Input Validation is not secure and can easily be bypassed by attackers.
upvoted 0 times
...
Irma
10 months ago
Developer should be using Parametrized SQL Query instead of Blacklisting Input Validation.
upvoted 0 times
...
...
Gearldine
11 months ago
I believe the correct approach would be to use Parametrized SQL Query for better security.
upvoted 0 times
...
Pamella
11 months ago
I agree with Terrilyn. Non-parametrized SQL queries are vulnerable to SQL injection attacks.
upvoted 0 times
...
Terrilyn
11 months ago
I think the developer made a mistake by using Non-parametrized SQL query.
upvoted 0 times
...
