A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability of the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)
A) Identify and eliminate inline SQL statements from the code.
B) Identify and eliminate dynamic SQL from stored procedures.
C) Identify and sanitize all user inputs.
D) Use a whitelist approach for SQL statements.
E) Use a blacklist approach for SQL statements.
F) Identify the source of malicious input and block the IP address.
Correct Answer:
Verified