Certified SOC Analyst (CSA) — Question 98

Which of the following attack can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying the user input in search engines and forums?

Answer options

• A. Broken Access Control Attacks
• B. Web Services Attacks
• C. XSS Attacks
• D. Session Management Attacks

Correct answer: C

Explanation

The correct answer is C, XSS Attacks, because converting non-alphanumeric characters to HTML entities helps mitigate cross-site scripting vulnerabilities by preventing the execution of malicious scripts. The other options, such as Broken Access Control Attacks and Session Management Attacks, are not directly related to user input rendering and cannot be mitigated in the same way.