During a penetration test, you have identified that an organization's web application is vulnerable to SQL injection attacks. Which of the following recommendations would be most effective in mitigating this risk?
Implement multifactor authentication for user logins
Keep the web server and database server software up to date through regular patch management
Enforce strong password requirements for all application users
Encrypt passwords stored within the application database
Sanitize user input and utilize parameterized queries
Sanitizing user input is the primary defense against SQL injection attacks. It involves validating and cleaning up all user-supplied data so that malicious SQL code cannot be executed. Parameterized queries, which separate the SQL logic from the data, are also an effective measure against SQL injection because they ensure that input is treated strictly as data, never as executable code. While strong passwords and multifactor authentication improve overall security, they do not directly protect against SQL injection attacks. Similarly, encrypting stored passwords is essential for data protection but is not a mitigation for SQL injection vulnerabilities. Regular patch management is important for addressing known vulnerabilities, but it is not as directly related to preventing SQL injection as sanitizing input and using parameterized queries.
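The following is an added example, not part of the original question or explanation, that shows the difference the correct answer describes. It uses Python's built-in sqlite3 module with a constructed in-memory table; the function and table names are this example's own choices. The vulnerable function splices user text into the SQL string, so a quote character in the input changes the query's structure; the parameterized function sends the same input as a bound value, so the database treats it purely as data; the hardened function adds allowlist validation of the username format on top of the parameterized query.

```python
import re
import sqlite3

# Constructed sample data: an in-memory database with a few user rows.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn

def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    # Vulnerable: user-supplied text becomes part of the SQL text itself,
    # so a quote in the input ends the literal and alters the WHERE clause.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]

def find_user_parameterized(conn: sqlite3.Connection, username: str) -> list[str]:
    # Hardened: the SQL text is fixed; the value is passed separately as a
    # bound parameter and is never interpreted as SQL by the database.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

# Allowlist for the expected username format (assumed policy for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_username(username: str) -> bool:
    # Input validation: reject anything outside the expected character set and
    # length before it reaches the data layer. This complements parameters;
    # it does not replace them.
    return USERNAME_RE.fullmatch(username) is not None

def find_user_hardened(conn: sqlite3.Connection, username: str) -> list[str]:
    # Defense in depth: validate the input, then query with bound parameters.
    if not validate_username(username):
        raise ValueError("invalid username format")
    return find_user_parameterized(conn, username)

if __name__ == "__main__":
    conn = make_db()
    # Constructed input containing a quote, used only to show the difference
    # between string building and parameter binding.
    odd_input = "x' OR '1'='1"
    print(find_user_vulnerable(conn, "alice"))        # ['alice']
    print(find_user_vulnerable(conn, odd_input))      # ['alice', 'bob']: query structure altered
    print(find_user_parameterized(conn, odd_input))   # []: input treated as literal data
    print(validate_username(odd_input))               # False: rejected before the query runs
```

The lookup with the quote-bearing input returns every row through the vulnerable function because the WHERE clause no longer compares against a single literal, while the parameterized function returns nothing because no username equals that exact string. The validation step rejects the input outright, which is the "sanitize user input" half of the recommendation; the bound parameter is the "parameterized queries" half, and it is the part that holds even when validation is incomplete.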