During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products.
Which of the following would be the BEST way to locate this issue?
A. Reduce the session timeout threshold
B. Deploy MFA for access to the web server
C. Implement input validation
D. Run a static code scan
Answer: C
Explanation:
In this scenario, the issue is related to manipulation of the public-facing web form, indicating that attackers might be altering the prices before submitting the form. One of the best ways to prevent such attacks is to implement input validation, which can help ensure that the data submitted to the web form is correct, complete, and in the expected format. Input validation can also help prevent SQL injection and other types of web-based attacks.
Reference: CompTIA CySA+ Certification Exam Study Guide, Exam CS0-002, Chapter 3: Vulnerability Management, Objective 3.3: Given a scenario, select the appropriate tools and techniques to discover security threats and vulnerabilities, pp. 125-128.
Input validation is a technique that involves checking and filtering the data entered by users into a web form or application for any malicious or invalid characters, commands, or values. Input validation can help prevent issues caused by manipulation of the public-facing web form used by customers to order products, such as inconsistencies between the actual price of an item and the amount charged to the customer. Reducing the session timeout threshold, deploying MFA for access to the web server, or running a static code scan are other possible techniques that can enhance the security or quality of a web form or application, but they do not address the issue of manipulation of the public-facing web form.
Reference: https://owasp.org/www-community/controls/Input_Validation
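As an added illustration (not code from the study guide or the OWASP page), the following Python places an order handler that bills whatever price the browser submitted beside a hardened version that validates the submitted fields and takes the price only from a server-side catalog; it also includes a check that flags the price/charge mismatch the audit found. The catalog, the field names `sku`, `price` and `qty`, and the quantity limit are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalog: the only authoritative source of prices.
CATALOG = {"SKU-100": Decimal("19.99"), "SKU-200": Decimal("249.00")}
MAX_QTY = 100  # assumed business limit for a single line item


class InvalidOrder(ValueError):
    """Raised when a submitted form field fails validation."""


def charge_trusting_client(form: dict) -> Decimal:
    """VULNERABLE: bills whatever 'price' the browser sent. Anyone who edits
    the form field before submitting it chooses their own price."""
    return Decimal(form["price"]) * int(form["qty"])


def validate_order(form: dict) -> tuple[str, int]:
    """Allow-list validation of the fields the server actually needs.
    Returns (sku, qty); the client-supplied 'price' is never read."""
    sku = form.get("sku", "")
    if sku not in CATALOG:
        raise InvalidOrder(f"unknown sku {sku!r}")
    qty_raw = form.get("qty", "")
    if not qty_raw.isdigit():  # rejects '', '-1', '1e9', '3; DROP TABLE'
        raise InvalidOrder("qty must be a positive integer")
    qty = int(qty_raw)
    if not 1 <= qty <= MAX_QTY:
        raise InvalidOrder(f"qty {qty} out of range 1..{MAX_QTY}")
    return sku, qty


def charge_validated(form: dict) -> Decimal:
    """Hardened: price comes from the catalog, quantity from validated input."""
    sku, qty = validate_order(form)
    return CATALOG[sku] * qty


def price_tampered(form: dict) -> bool:
    """Detection: True when a submitted 'price' disagrees with the catalog,
    i.e. the price/charge inconsistency the audit uncovered."""
    sku = form.get("sku")
    if sku not in CATALOG or "price" not in form:
        return False
    try:
        return Decimal(str(form["price"])) != CATALOG[sku]
    except InvalidOperation:
        return True  # a non-numeric price is tampering too
```

Because the hardened handler never reads the client's `price`, any client-side check on that field is only a convenience; the server-side lookup is what actually prevents the mismatch.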