
312-50v12 Exam - Question 20


CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted.

What is the defensive technique employed by Bob in the above scenario?

Correct Answer: A

The technique employed here is whitelist validation. This approach permits only inputs that conform to a predefined list of acceptable values, such as certain data types, ranges, sizes, and values. This prevents any unapproved inputs, including malicious code used in SQL injection attacks, from being processed. Hence, only secure and verified data is accepted, effectively defending against such security threats.
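The checks named in the explanation (data type, size, range, value), applied before a query runs, as an added example that is not part of the exam material. The `products` table, the field names and the sample inputs are constructed for illustration.

```python
import re
import sqlite3

# Allowlist rules, constructed for this example (table and field names are hypothetical).
ID_PATTERN = re.compile(r"[0-9]{1,6}")   # data type: ASCII digits; size: 1-6 characters
ID_RANGE = range(1, 100001)              # range: 1..100000
SORT_COLUMNS = {"name", "price"}         # value: fixed set of permitted column names

def validate_product_id(raw):
    """Return the id as int, or raise ValueError if it is not on the allowlist."""
    # fullmatch, not match: a trailing newline or suffix must also be rejected.
    if not isinstance(raw, str) or not ID_PATTERN.fullmatch(raw):
        raise ValueError("product_id: wrong type or size")
    value = int(raw)
    if value not in ID_RANGE:
        raise ValueError("product_id: out of range")
    return value

def validate_sort(raw):
    """Return the column name only if it is one of the approved values."""
    if raw not in SORT_COLUMNS:
        raise ValueError("sort: value not approved")
    return raw

def lookup(conn, raw_id, raw_sort):
    """Validate both inputs, then query. Rejected input never reaches the database."""
    product_id = validate_product_id(raw_id)
    sort = validate_sort(raw_sort)
    # An identifier cannot be bound as a parameter, so it is interpolated only
    # after the allowlist check; the id is still passed as a bound parameter.
    sql = f"SELECT id, name FROM products WHERE id <= ? ORDER BY {sort}"
    return conn.execute(sql, (product_id,)).fetchall()

def run_samples():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "widget", 9.5), (2, "anvil", 30.0)])
    # Constructed inputs: one that conforms, then one failing each kind of rule.
    samples = [("2", "name"), ("2 OR 1=1", "name"), ("0", "price"), ("2", "name, id")]
    outcomes = []
    for raw_id, raw_sort in samples:
        try:
            outcomes.append(lookup(conn, raw_id, raw_sort))
        except ValueError as exc:
            outcomes.append(f"rejected ({exc})")
    return outcomes
```

Only the first sample reaches the database; the other three are rejected by the type/size, range and value rules respectively.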

Discussion

7 comments
tc5899
Oct 4, 2023

A. Whitelist validation

In whitelist validation, only the inputs that have been explicitly allowed are accepted, and all other inputs are rejected. This technique involves specifying a list of entities such as the data type, range, size, and value, which have been approved for secure access. Any input that is not on the list is rejected, preventing attacks such as SQL injection, where an attacker attempts to inject malicious code into an application by exploiting vulnerabilities in user input fields.

eli117 (Option: A)
Oct 4, 2023

A. Whitelist validation

In whitelist validation, only the inputs that have been explicitly allowed are accepted, and all other inputs are rejected. This technique involves specifying a list of entities such as the data type, range, size, and value, which have been approved for secure access. Any input that is not on the list is rejected, preventing attacks such as SQL injection, where an attacker attempts to inject malicious code into an application by exploiting vulnerabilities in user input fields.

HeyacedoGomez (Option: A)
Oct 18, 2023

Whitelist is the correct answer, but allowlist is more appropriate.

insaniunt (Option: A)
May 26, 2024

A. Whitelist validation

I_Know_Everything_KY (Option: A)
Aug 12, 2024

He has created an explicit list of allowable types: a whitelist.

Nicknp (Option: A)
Nov 8, 2024

Option A whitelist validation

Mann098 (Option: A)
Dec 29, 2024

Whitelist validation