Exam 350-901 topic 1 question 168 discussion

I think A D E - using dropdown only in fixed set of values

A and D Elimination: B. Trim whitespace > whitespace is not the issue with injection attacks C. limit text areas to 255 characters > You could perform an injection with less than 255 characters. E. only use dropdown, checkbox, and radio button fields > This is client side code that prevents users to inject via a browser, but does not prevent a scripted attack.

Correct answers: A & D Against injection attacks: - Escaping Inputs/Sanitizing Inputs - Principle of Least Privilege - Parameterized queries and prepared statements - Prevent all SQL-generated error messages from being displayed to the end user - Password Hashing - Third Party Authentication - Data validation process to assess data against a set of rules - Intrusion prevention system (IPS) or a next-generation firewall (NGFW)

A and D are correct The following defense methods are available: - Escaping Inputs/Sanitizing Inputs - Principle of Least Privilege - Parameterized queries and prepared statements - Prevent all SQL-generated error messages from being displayed to the end user - Password Hashing - Third Party Authentication - Data validation process to assess data against a set of rules - Intrusion prevention system (IPS) or a next-generation firewall (NGFW)

A and D, dropdowns don't protect, they merely limit input, but can be ignored if you know what you are doing (like pressing F12)

a, d ...

It's A and D. Reference: https://www.hacksplaining.com/prevention/sql-injection