During a penetration testing engagement, you have identified that a client's web application is vulnerable to code injection attacks due to the lack of input validation. Which recommendation would best align with integrating security practices into the client's software development life cycle?
Urge the client to enforce mandatory staff vacations to reduce the risk of insider threats which may lead to code injection vulnerabilities.
Recommend that the development team incorporates input validation and parameterized queries into their coding standards to prevent similar vulnerabilities in future releases.
Propose the addition of more comprehensive user training programs to prevent code injection attacks.
Suggest the implementation of better certificate management practices to secure the web application against code injection.
Advise the client to implement regular key rotation policies to mitigate the code injection attack.
Implementing input validation and parameterizing queries are steps in securing the software from injection vulnerabilities. This aligns with the secure software development life cycle as it helps prevent security issues early in the development phase, reducing the risk of such vulnerabilities appearing in the production environment. Recommendations regarding key rotation or certificate management would not directly address the current vulnerability and are less specific to the secure development process. While user training is important, it is categorized as an operational control and does not directly pertain to the development life cycle of the software.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are code injection attacks and how do they occur?
Open an interactive chat with Bash
What are parameterized queries and how do they prevent code injection?
Open an interactive chat with Bash
Why is input validation critical in the software development life cycle (SDLC)?