CompTIA CASP+ (CAS-004) — Question 171

A security architect is advising the application team to implement the following controls in the application before it is released:

• Least privilege
• Blocklist input validation for the following characters: \<>;, ="#+

Based on the requirements, which of the following attacks is the security architect trying to prevent?

Answer options

• A. XML injection
• B. LDAP injection
• C. CSRF
• D. XSS

Correct answer: D

Explanation

The security architect is focused on preventing XSS (Cross-Site Scripting) attacks, which can exploit user input fields to inject malicious scripts. The recommended blocklist specifically targets characters commonly used in these attacks, while the least privilege principle helps limit potential damage. The other options, such as XML and LDAP injection, do not directly relate to the specified input validation controls.