During a penetration test, you discover that an application is vulnerable to SQL injection attacks due to improperly sanitized user input. In your report, which remediation strategy would be the most effective to address this specific vulnerability?
Implement mandatory vacations for the application development team.
Add an access control vestibule in front of the server room.
Enforce minimum password requirements for application users.
Parameterize queries to ensure user input is treated safely.
Parameterizing queries helps to prevent SQL injection attacks by separating SQL logic from user input. Using prepared statements ensures that user input is treated as data rather than part of the SQL logic, thereby mitigating the risk of an attacker injecting malicious SQL. The incorrect answers, while they may improve security posture in general, do not directly address the specific vulnerability of SQL injection as effectively as parameterizing queries.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SQL injection and how does it work?
Open an interactive chat with Bash
What are prepared statements and how do they prevent SQL injection?
Open an interactive chat with Bash
What practices can be implemented alongside parameterized queries for better security?