CompTIA Security+ (SY0-501) — Question 204
Although a web-enabled application appears to only allow letters in the comment field of a web form, a malicious user was able to carry out a SQL injection attack by sending special characters through the web comment field.
Which of the following has the application programmer failed to implement?
Answer options
- A. Revision control system
- B. Client side exception handling
- C. Server side validation
- D. Server hardening
Correct answer: C
Explanation
The correct answer is C. The letters-only restriction was enforced only in the browser, and a client-side check can be bypassed by sending a crafted request directly to the server, so the application must also validate and sanitize input on the server side before it is processed or used in a query. The other options (A, revision control; B, client-side exception handling; D, server hardening) do not address input validation and therefore do not prevent SQL injection.