CompTIA PenTest+ (PT0-002) — Question 198
A penetration tester uncovered a flaw in an online banking web application that allows arbitrary requests to other internal network assets through a server-side request forgery. Which of the following would BEST reduce the risk of attack?
Answer options
- A. Implement multifactor authentication on the web application to prevent unauthorized access of the application.
- B. Configure a secret management solution to ensure attackers are not able to gain access to confidential information.
- C. Ensure a patch management system is in place to ensure the web server system is hardened.
- D. Sanitize and validate all input within the web application to prevent internal resources from being accessed.
- E. Ensure that enhanced logging is enabled on the web application to detect the attack.
Correct answer: D
Explanation
The correct answer is D. A server-side request forgery exists because the application takes an attacker-supplied URL (or host, port, or path fragment) and makes the request itself, from inside the network, without checking where that request is going. Validating and sanitizing that input, in practice an allowlist of permitted schemes and destination hosts, with the resolved address checked against internal, loopback, and link-local ranges before the connection is made, removes the root cause: the server can no longer be pointed at arbitrary internal assets. The other options are sound controls but do not address this flaw. A (multifactor authentication) only governs who may log in; an SSRF can be exploited by a legitimately authenticated customer. B (secrets management) protects stored credentials but does nothing to stop the server from proxying requests to internal hosts. C (patch management) hardens the server platform, but SSRF here is a logic flaw in the bank's own application code that no vendor patch will fix. E (enhanced logging) helps detect exploitation after the fact but does not reduce the likelihood or impact of the attack.
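The following is an added example, not part of the original question or CompTIA's material, showing what "validate all input" means for SSRF in practice. It assumes a hypothetical outbound-fetch helper in the banking application; the allowlisted hostnames and the DNS table are constructed so the example runs offline (a real deployment would resolve names with the system resolver and then connect to the pinned address, not re-resolve).

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist of destinations the application legitimately calls.
# Anything not listed here is rejected, regardless of what the request says.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"rates.example-bank.com", "status.example-bank.com"}

# Constructed DNS table standing in for a real resolver so this runs offline.
# status.example-bank.com deliberately resolves to an RFC 1918 address to show
# that being on the allowlist is not enough: the resolved IP is checked too
# (this is how DNS rebinding or a hijacked record would bypass a name-only check).
FAKE_DNS = {
    "rates.example-bank.com": "93.184.216.34",
    "status.example-bank.com": "10.0.0.5",
    "evil.example": "169.254.169.254",
}


def is_public_address(ip: str) -> bool:
    """True only if the address is routable on the public Internet."""
    addr = ipaddress.ip_address(ip)
    return not (
        addr.is_private
        or addr.is_loopback
        or addr.is_link_local
        or addr.is_multicast
        or addr.is_reserved
        or addr.is_unspecified
    )


def check_url(url: str, resolve=FAKE_DNS.get) -> tuple[bool, str]:
    """Validate an outbound URL before the server fetches it.

    Returns (True, resolved_ip) when the request may proceed, or
    (False, reason) when it must be refused. The caller should connect to
    the returned IP rather than resolving the hostname a second time.
    """
    parts = urlsplit(url)

    # 1. Scheme allowlist: blocks file://, gopher://, dict://, plain http, etc.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"

    # 2. Reject embedded credentials; "https://trusted@evil.example/" parses
    #    with hostname evil.example, but refusing userinfo outright is simpler.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL is not allowed"

    # 3. Host allowlist (urlsplit().hostname is already lower-cased).
    host = parts.hostname
    if host is None or host not in ALLOWED_HOSTS:
        return False, f"host not on allowlist: {host!r}"

    # 4. Resolve once and check the address, then pin it for the connection.
    ip = resolve(host)
    if ip is None:
        return False, f"{host} did not resolve"
    if not is_public_address(ip):
        return False, f"{host} resolves to non-public address {ip}"

    return True, ip


# Vulnerable behaviour, for contrast: the original flaw is equivalent to
# fetching whatever URL the client supplied with no check at all.
def fetch_unsafe_target(url: str) -> str:
    return url  # e.g. requests.get(url) on "http://10.0.0.5/admin"


if __name__ == "__main__":
    for candidate in [
        "https://rates.example-bank.com/v1/rates?ccy=EUR",
        "http://127.0.0.1:8080/admin",
        "https://evil.example/",
        "https://rates.example-bank.com@evil.example/",
        "https://status.example-bank.com/health",
        "file:///etc/passwd",
    ]:
        print(candidate, "->", check_url(candidate))
```

The order of checks matters: scheme and userinfo are rejected before the hostname is consulted, so parser-confusion tricks such as `https://allowed@evil.example/` never reach the allowlist comparison, and the resolved address is checked after the name passes so that an allowlisted name pointing at an internal range (10.0.0.5 in the constructed table) is still refused.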