During an application security assessment, a security analyst discovers that user input is being directly concatenated into SQL statements. What secure coding practice should be implemented to mitigate this vulnerability?
Secure logging
Parameterized queries
Error handling
Input sanitization
Parameterized queries (also known as prepared statements) are the correct solution because they separate SQL code from data by using placeholders for parameters. This ensures that user input is always treated as data rather than executable code, effectively preventing SQL injection attacks regardless of the input content.
Input sanitization involves filtering or cleaning user input to remove potentially malicious characters. While this can help reduce the risk of SQL injection, it's not as reliable as parameterized queries because sanitization filters can often be bypassed by sophisticated attacks and may not address all possible injection vectors.
Error handling focuses on managing application responses when errors occur. While proper error handling is important for security (preventing information leakage), it doesn't prevent SQL injection attacks from occurring in the first place. It might hide error details from attackers but doesn't fix the underlying vulnerability.
Secure logging is the practice of properly recording application events without exposing sensitive information. While logging is crucial for security monitoring and incident response, it doesn't prevent SQL injection attacks. Logging would only record that an attack happened but wouldn't stop it from succeeding.
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
All IT & Cybersecurity Package plans include the following perks and exams .
Our pricing is simple. Full access to all certifications and exams in each package, for one price.
As many practice tests for as many topics as you want.
Use study mode non-stop, no limits.
Access to our AI assistant, Bash, trained to help you pass your exam.
Track your scores over time in study mode and report cards.
See how you improve over time, and where you need to focus.
Access our store with even bigger discounts than before.
Unlimited access to all performance questions and be prepared for the real thing.
All IT & Cybersecurity Package plans include unlimited access to the following study materials.
Create an account or sign in to access our study materials.