CompTIA CASP+ (CAS-003) — Question 52

A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user's age field. The developer was notified and asked to fix the issue.
Which of the following is the MOST secure solution for the developer to implement?

Answer options

• A. IF $AGE == ג€!@#$%^&*()_+<>?ג€:{}[]ג€ THEN ERROR
• B. IF $AGE == [1234567890] {1,3} THEN CONTINUE
• C. IF $AGE != ג€a-bA-Z!@#$%^&*()_+<>?ג€:{}[]ג€ THEN CONTINUE
• D. IF $AGE == [1-0] {0,2} THEN CONTINUE

Correct answer: B

Explanation

Option B is the most secure solution because it strictly validates that the age input consists only of digits and is limited in length, ensuring proper data entry. The other options either allow invalid characters or do not enforce appropriate length and format, which could lead to security vulnerabilities.