02 Aug Practice Test Question – SQL Injection Attacks
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
During a web application security review, Crystal discovered that one of her organization’s applications is vulnerable to SQL injection attacks. Where would be the best place for Crystal to address the root cause issue?
A. Database server configuration
B. Web application firewall
C. Web server configuration
D. Application code
Correct Answer: D
While it may be possible to mitigate this issue by adjusting settings on any of the devices mentioned here, the root cause of a SQL injection vulnerability is faulty input validation in the application’s source code. This root cause may only be addressed by modifying the application code.