Question
Question 1 (1 point)
Which of the following countermeasures help developers prevent applications from becoming vulnerable to SQL injection attacks?
- Design the code such that it traps and handles exceptions appropriately
- Allow entries that contain binary data, escape sequences, and comment characters
- Never use a prepared statement to create a parameterized query
- Construct dynamic SQL with concatenated input values

Question 2 (1 point)
Which of the following practices helps developers defend against SQL injection attacks?
- Always construct dynamic SQL with concatenated input values
- Build Transact-SQL statements directly from user input
- Never implement multiple layers of validation
- Test the content of string variables and accept only expected values
Solution
The answer to the first question is "Design the code such that it traps and handles exceptions appropriately". Trapping and handling exceptions prevents unexpected behaviour, such as raw database error messages reaching the user, that an attacker could exploit. Allowing entries that contain binary data, escape sequences, and comment characters makes an application more vulnerable to SQL injection. Using a prepared statement to create a parameterized query is a good practice that prevents SQL injection, not a bad one. Constructing dynamic SQL with concatenated input values is a bad practice because the input becomes part of the statement the database parses, which is what makes an application vulnerable to SQL injection.
The answer to the second question is "Test the content of string variables and accept only expected values". Validating input against the values the application expects is a key defence against SQL injection. Constructing dynamic SQL with concatenated input values and building Transact-SQL statements directly from user input are both bad practices because they let user input become part of the query. Implementing multiple layers of validation is a good practice, not a bad one.
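As an added example (not from the quiz or the course it comes from), the two anti-patterns the questions name sit beside the countermeasures they endorse, using Python's sqlite3 module and a constructed in-memory table; the table, rows and the `validate_username` allow-list are assumptions for the demo:

```python
import sqlite3

def make_db():
    # Constructed in-memory table with sample rows (not from the quiz).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_unsafe(conn, username):
    # Anti-pattern named in the quiz: dynamic SQL built by concatenating input,
    # so the input is parsed as part of the statement.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def unsafe_raises(conn, username):
    # Failure mode the first question targets: an unhandled engine error
    # surfaces a raw message describing the broken statement to the caller.
    try:
        lookup_unsafe(conn, username)
        return False
    except sqlite3.Error:
        return True

ALLOWED = frozenset("abcdefghijklmnopqrstuvwxyz0123456789_")

def validate_username(username):
    # "Accept only expected values": allow-list on length and character set.
    if not (1 <= len(username) <= 32) or not set(username) <= ALLOWED:
        raise ValueError("invalid username")
    return username

def lookup_safe(conn, username):
    # Layered defence: validation first, then a prepared statement whose
    # bound parameter is always treated as data, never as SQL. Errors are
    # trapped so no engine message leaks to the caller.
    try:
        validate_username(username)
        return conn.execute(
            "SELECT username, role FROM users WHERE username = ?", (username,)
        ).fetchall()
    except (ValueError, sqlite3.Error):
        return []

if __name__ == "__main__":
    db = make_db()
    injected = "' OR '1'='1"  # constructed tautology input
    print(len(lookup_unsafe(db, injected)), "rows from concatenated SQL")
    print(len(lookup_safe(db, injected)), "rows from the prepared statement")
```

Run stand-alone, the concatenated query returns every row for the tautology input while the validated, parameterized lookup returns none.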
Similar Questions
Question 8 (1 point)
Which of the following are coding techniques that can be used to prevent SQL injection attacks? Select three answers.
- Input validation
- Input sanitization
- Public key infrastructure (PKI)
- Prepared statements
You know that injection vulnerabilities are among the most critical vulnerabilities found in a web application. Explain how an injection attack works and write sample code showing how a SQL injection vulnerability can be mitigated using prepared statements.
Which of the following is not a common technique used to prevent SQL injection attacks?
- Input validation
- Output encoding
- Prepared statements
- Session hijacking
Which of the following approaches is an effective way of protecting yourself against SQL injection?
Question 1 (1 point)
Which of the following types of SQL injection attack is difficult to perform, as the attacker needs to communicate with the server and determine the features of the database used by the web application?
- Blind SQL injection
- In-band SQL injection
- Out-of-band SQL injection
- Inferential SQL injection

Question 2 (1 point)
In which of the following attacks does an attacker pose a true or false question to a database to determine whether an application is vulnerable to SQL injection?
- Union SQL injection
- In-band SQL injection
- Blind SQL injection
- Error-based SQL injection