Exam PT0-001 topic 1 question 138 discussion

looks good to me

Does anyone know what could be deleted with HTTP DELETE method? Could it potentially reach back to the DB and delete everything? I would assume just HTTP objects, but what do I know.

A.https://owasp.org/www-project-top-ten/

B. As part of the CIA triad you would want to ensure data integrity

First, Comptia is piggy backing their rankings off of the OWASP top 10. The #1 vuln on the OWASP top 10 is SQL injection, not XSS: Top 10 Web Application Security Risks A1:2017-Injection: Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. With that in mind and the obvious reference to a "vulnerable database", this should be SQL injection.

I believe we should focus on "contains a valuable database". Although XSS is considered a more dangerous attack, we would be more concerned with gaining access to the database via SQL injection. So A.

I also think A. I believe that Stored XSS is considered the #1 priority by Comptia.

I agree on A based on https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/DELETE the command will delete the specified resource (HTML or PHP), but an SQLi vulnerability could DROP the whole database, surely more devastating

I would say A or D but more towards A . Why is B ? why someone would want to delete ?

I guess A is the correct answer.