Eccouncil Exam ECSAv10 Topic 7 Question 70 Discussion

Actual exam question for Eccouncil's ECSAv10 exam
Question #: 70
Topic #: 7

A SQL injection attack consists of the insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web application. A successful SQL injection attack can:

i) Read sensitive data from the database

ii) Modify database data (insert/update/delete)

iii) Execute administration operations on the database (such as shutting down the DBMS)

iv) Recover the content of a given file existing on the DBMS file system or write files into the file system

v) Issue commands to the operating system

A pen tester needs to perform various tests to detect SQL injection vulnerabilities. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests, and then test them separately, trying to interfere with the query and to generate an error.

In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

Suggested Answer: D
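
To illustrate the non-runtime source-code testing the question describes, the following added example (not part of the original question or of any EC-Council material) parses Python source with the standard `ast` module and flags query calls whose SQL string is built dynamically, without ever executing the code under test. The sample source, `SINKS`, `is_dynamic`, `SqlSinkChecker` and `scan` are hypothetical names constructed for this illustration.

```python
import ast
# Constructed sample: application source that is parsed, never executed.
SAMPLE = '''
def find_user(cur, name, uid):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cur.execute(f"SELECT * FROM users WHERE id = {uid}")
    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)
    cur.execute("SELECT * FROM users WHERE id = {}".format(uid))
    cur.execute("SELECT * FROM users WHERE id = ?", (uid,))
    query = "SELECT * FROM orders WHERE owner = " + name
    cur.execute(query)
'''
SINKS = {"execute", "executemany", "executescript"}  # DB-API query methods

def is_dynamic(node, tainted):
    """True if the expression builds a string from non-literal parts."""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.JoinedStr):  # f-string with {placeholders}
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return any(not isinstance(s, ast.Constant) and
                   (not isinstance(s, ast.BinOp) or is_dynamic(s, tainted))
                   for s in (node.left, node.right))
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format" and bool(node.args or node.keywords)
    return False

class SqlSinkChecker(ast.NodeVisitor):
    def __init__(self):
        self.tainted, self.findings = set(), []
    def visit_Assign(self, node):
        # Remember variables assigned a dynamically built string (flow-insensitive).
        if is_dynamic(node.value, self.tainted):
            self.tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
        self.generic_visit(node)

    def visit_Call(self, node):
        f = node.func
        if isinstance(f, ast.Attribute) and f.attr in SINKS and node.args \
                and is_dynamic(node.args[0], self.tainted):
            self.findings.append(node.lineno)
        self.generic_visit(node)

def scan(source):
    """Return line numbers where a query sink receives a dynamically built string."""
    checker = SqlSinkChecker()
    checker.visit(ast.parse(source))
    return checker.findings
```

Running `scan(SAMPLE)` reports the concatenated, f-string, `%`-formatted, `.format()` and tainted-variable calls, and leaves the parameterized query on line 7 of the sample unflagged.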

Contribute your Thoughts:

Charisse
1 month ago
D) Static Testing, for sure. Although, I have to say, the list of things a successful SQL injection attack can do is quite impressive. It's like a one-stop shop for causing all kinds of mayhem!
upvoted 0 times
Lonny
20 days ago
Static Testing is the correct answer. It's important to check the source code for vulnerabilities.
upvoted 0 times
...
...
Dominque
1 month ago
I'll have to go with D) Static Testing. It's the only option that matches the description in the question. Although, I do wonder if the person who wrote this question has ever actually tried to manually test for SQL injection vulnerabilities. Talk about a tedious task!
upvoted 0 times
Lachelle
20 days ago
C: Static Testing is definitely the way to go for detecting SQL injection vulnerabilities.
upvoted 0 times
...
Kattie
27 days ago
B: Yeah, I agree. It's all about testing the source code in a non-runtime environment.
upvoted 0 times
...
Oneida
1 month ago
A: I think D) Static Testing is the right choice.
upvoted 0 times
...
...
Bernardo
1 month ago
Hmm, I'm a bit torn between A) Automated Testing and D) Static Testing. Both of those seem relevant, but I'm leaning towards D since the question specifically mentions testing the source code in a non-runtime environment.
upvoted 0 times
...
Delmy
2 months ago
I'm pretty sure the answer is C) Dynamic Testing. We're talking about detecting SQL injection vulnerabilities, and dynamic testing involves testing the application in a runtime environment, which seems more appropriate for this kind of task.
upvoted 0 times
Tyisha
9 days ago
User 2
upvoted 0 times
...
Jennie
10 days ago
User 1
upvoted 0 times
...
...
Selma
2 months ago
I think the correct answer is D) Static Testing. The question states that the source code of the application is tested in a non-runtime environment, which is the definition of static testing.
upvoted 0 times
Jeanice
9 days ago
Automated Testing and Dynamic Testing are also important, but Static Testing focuses on the source code specifically.
upvoted 0 times
...
Lisbeth
23 days ago
Static Testing is essential to detect SQL injection vulnerabilities before the application is executed.
upvoted 0 times
...
Wilbert
1 month ago
Yes, you are right. Static Testing involves testing the source code in a non-runtime environment.
upvoted 0 times
...
Jin
1 month ago
I think the correct answer is D) Static Testing.
upvoted 0 times
...
...
Tesha
2 months ago
I'm not sure, but I think static testing is the best option to detect SQL injection vulnerabilities before runtime.
upvoted 0 times
...
Troy
2 months ago
I agree with Candida, because static testing involves analyzing the source code without executing it.
upvoted 0 times
...
Candida
2 months ago
I think the answer is D) Static Testing.
upvoted 0 times
...