Month End Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

Discussions
  1. Home
  2. Discussions
  3. CompTIA
  4. CompTIA CASP
  5. CAS-004 Discussions
  6. CAS-004 Exam Topic 1 Question 9 Discussion
 CompTIA Discussions
Exam CAS-004 All Questions
Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam

Go to Exam

CompTIA CASP CAS-004 Question # 9 Topic 1 Discussion

CAS-004 Exam Topic 1 Question 9 Discussion:
Question #: 9
Topic #: 1

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

Code Snippet 1

CAS-004 Question 9

Code Snippet 2

CAS-004 Question 9

Vulnerability 1:

    SQL injection

    Cross-site request forgery

    Server-side request forgery

    Indirect object reference

    Cross-site scripting

Fix 1:

    Perform input sanitization of the userid field.

    Perform output encoding of queryResponse,

    Ensure usex:ia belongs to logged-in user.

    Inspect URLS and disallow arbitrary requests.

    Implement anti-forgery tokens.

Vulnerability 2

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET

Fix 2

A) Implement prepared statements and bind

variables.

B) Remove the serve_forever instruction.

C) Prevent the "authenticated" value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.
Get Premium CAS-004 Questions
Actual exam question for CompTIA CAS-004 exam by Lyric58149 at Feb 10, 2025, 10:18:43 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit