CompTIA CASP+ (CAS-004) — Question 197

A security architect is implementing a web application that uses a database back end. Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks. Which of the following sources could the architect consult to address this security concern?

Answer options

• A. SDLC
• B. OVAL
• C. IEEE
• D. OWASP

Correct answer: D

Explanation

The correct answer is D, OWASP, which provides extensive resources and guidelines specifically aimed at web application security, including XSS prevention. The other options, while relevant to various aspects of security, do not focus specifically on web application vulnerabilities like OWASP does.