Exam CAS-003 topic 1 question 480 discussion

Actual exam question from CompTIA's CAS-003
Question #: 480
Topic #: 1
[All CAS-003 Questions]

SIMULATION -
A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS -
Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Code Snippet 1 - (image not reproduced)

Code Snippet 2 - (image not reproduced)
Suggested Answer: See explanation below.



Comments

quagga
2 years, 4 months ago
The answers seem to be wrong!
upvoted 1 times
DrDoMe
2 years, 4 months ago
So what's your answer?
upvoted 2 times
quagga
2 years, 3 months ago
Won't using prepared statements already protect against SQL injection? What's the vulnerability here in code snippet 1?
upvoted 1 times
AaronS1990
10 months ago
You really haven't got a clue, have you?
upvoted 1 times
tefyayaydu
5 months, 2 weeks ago
Quagga is correct, that's exactly what bind parameters do with JDBC. Input sanitization is still the correct answer as all input from a user should be validated. This answer is not assuming the tester is a developer.
upvoted 1 times
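The two snippets from the exam are not reproduced on this page, so the following is an added illustration (not the exam's code and not any commenter's code) of the point quagga and tefyayaydu are making: a query built by string concatenation is injectable, a bound parameter is not, and input validation is still applied on top as defence in depth. Python's sqlite3 module is assumed here as a stand-in for JDBC's PreparedStatement; the `users` table, its two rows and the username pattern are constructed for the demonstration.

```python
import re
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Create an in-memory table with two constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable pattern: the user-supplied value is spliced into the SQL text,
    so a quote character in the input changes the meaning of the statement."""
    query = "SELECT name, email FROM users WHERE name = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Fixed pattern: a bind parameter. The driver passes the value to the
    engine separately from the SQL text, so it can only ever be compared as data."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (username,)
    ).fetchall()


# Allowlist for what a username is permitted to look like (constructed rule).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def validate_username(username: str) -> bool:
    """Input validation: reject anything outside the allowlist before it reaches the database."""
    return USERNAME_RE.fullmatch(username) is not None


def lookup_user(conn: sqlite3.Connection, username: str) -> list:
    """Defence in depth: validate first, then query with a bound parameter."""
    if not validate_username(username):
        raise ValueError("invalid username")
    return lookup_user_safe(conn, username)


if __name__ == "__main__":
    db = setup_db()
    probe = "' OR '1'='1"
    print("concatenated query returns", len(lookup_user_unsafe(db, probe)), "rows")
    print("bound parameter returns", len(lookup_user_safe(db, probe)), "rows")
    print("validation accepts probe:", validate_username(probe))
```

With the classic `' OR '1'='1` probe the concatenated version returns every row, the bound version returns none, and the validator rejects the value outright; that is why a reviewer flags concatenation even where a prepared statement API is available but not used for the value in question.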
arawaco
2 years, 6 months ago
Code snippet 1 is an easy (and antique) way to pass parameters to the server, and the most basic way to do a SQL injection: https://www.geeksforgeeks.org/sql-injection-2/ So the fix is to perform input sanitization. Code snippet 2 is a little harder to find than snippet 1. The code seems to be written on the client. The HTTP GET request method is used to request a resource from the server, but you can send any HTTP headers with your GET request and send user authentication data in the Authorization header. So the fix is to prevent the «authenticated» value from being overridden by a GET parameter.
upvoted 1 times
arawaco
2 years, 6 months ago
As a complement: an HTTP GET request is allowing the data to be stolen. Sensitive data should never be requested using an HTTP GET request. An HTTP POST request should be used instead.
upvoted 1 times
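Since the second snippet is also not reproduced here, the following is an added illustration (not the exam's code and not arawaco's) of the two points in the posts above: an `authenticated` value that can be overridden by a GET parameter, and sensitive data being served over GET rather than POST. The assumed mechanism for the override is a handler that copies every query-string key into its own state dictionary; the `Request` class, the `/profile` path and the secret record are all constructed for the demonstration.

```python
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit


@dataclass
class Request:
    """Minimal constructed stand-in for an HTTP request."""
    method: str
    url: str
    body: dict = field(default_factory=dict)

    def query(self) -> dict:
        """Query-string parameters; the last value wins for repeated keys."""
        return {k: v[-1] for k, v in parse_qs(urlsplit(self.url).query).items()}


SECRET_RECORD = "account-number-ending-4242"  # constructed sensitive data


def get_profile_unsafe(req: Request) -> dict:
    """Vulnerable pattern: request parameters are merged into server-side state,
    so the client can set 'authenticated' itself via ?authenticated=true."""
    state = {"authenticated": False, "user": None}
    state.update(req.query())
    if state["authenticated"] in ("true", "1", True):
        return {"status": 200, "data": SECRET_RECORD}
    return {"status": 401}


def get_profile_safe(req: Request, session: dict) -> dict:
    """Fixed pattern: the authentication flag is read only from the server-side
    session, and sensitive data is only served to a POST request, so it never
    travels in a URL that ends up in browser history, proxy logs or Referer headers."""
    if req.method != "POST":
        return {"status": 405}
    if not session.get("authenticated"):
        return {"status": 401}
    return {"status": 200, "data": SECRET_RECORD}


if __name__ == "__main__":
    forged = Request("GET", "/profile?authenticated=true")
    print("unsafe handler:", get_profile_unsafe(forged)["status"])
    print("safe handler, same request:", get_profile_safe(forged, {})["status"])
    print("safe handler, real session:",
          get_profile_safe(Request("POST", "/profile"), {"authenticated": True})["status"])
```

The fixed handler ignores the query string entirely when deciding whether the caller is authenticated; the only thing that can flip the flag is whatever the server wrote into the session at login time.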
Community vote distribution: A (35%), C (25%), B (20%), Other