CompTIA CySA+ (CS0-001) — Question 153

A web application has a newly discovered vulnerability in the authentication method used to validate known company users. The user ID of Admin with a password of "password" grants elevated access to the application over the Internet. Which of the following is the BEST method to discover the vulnerability before a production deployment?

Answer options

• A. Manual peer review
• B. User acceptance testing
• C. Input validation
• D. Stress test the application

Correct answer: C

Explanation

Input validation is crucial for identifying vulnerabilities by ensuring that only properly formatted data is processed, which can help mitigate risks like the one described. Manual peer review, user acceptance testing, and stress testing do not specifically focus on validating user inputs and may not effectively uncover the authentication vulnerability before deployment.