A security architect discovers the following while reviewing code for a company's website: selection = "SELECT Item FROM Catalog WHERE ItemID = " & Request("ItemID") Which of the following should the security architect recommend?
The code shown is vulnerable to SQL injection, as it directly concatenates user input (Request("ItemID")) into a SQL query. This allows attackers to manipulate the input to execute arbitrary SQL commands.
Query parameterization (also known as prepared statements) is the best defense against SQL injection. It ensures that user input is treated strictly as data, not executable SQL code.
Query parameterization involves using placeholders in SQL statements, so user input is treated strictly as data, not as executable code. Prevents attackers from injecting malicious SQL code.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.CAS-005 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
HopHopHipHip
1 month, 2 weeks agovicbersong
2 months ago