Computer Hacking Forensic Investigator (CHFI) — Question 21
You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities: When you type this and click on search, you receive a pop-up window that says: "This is a test."
What is the result of this test?
Answer options
- A. Your website is vulnerable to CSS
- B. Your website is not vulnerable
- C. Your website is vulnerable to SQL injection
- D. Your website is vulnerable to web bugs
Correct answer: A
Explanation
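The correct answer is A. The pop-up reading "This is a test." shows that the search page placed the submitted input back into the response without encoding it, so the browser ran it as script instead of displaying it as text. That is cross-site scripting, which the answer options abbreviate as CSS (more commonly written XSS). Option B is incorrect because it claims the website is secure, and options C and D misidentify the type of vulnerability present: the pop-up shows script executing in the browser, not a manipulated SQL query or a web bug.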
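To make the explanation concrete, the following added example (not part of the original question, and not the snippet the question refers to) shows a hypothetical search-results renderer in its vulnerable form beside a hardened form, plus the check a pre-launch test suite could run. The function names and the probe string are assumptions constructed for illustration.

```javascript
// Added example: hypothetical search-results renderer, not code from the page.

// Constructed sample input standing in for the test string in the question.
const PROBE = '<script>alert("This is a test.")</script>';

// Vulnerable: the search term is concatenated into the HTML as-is.
function renderResultsUnsafe(term) {
  return `<h1>Results for ${term}</h1>`;
}

// HTML-encode the five characters that can change markup context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: the term is encoded before it is placed in element content.
function renderResultsSafe(term) {
  return `<h1>Results for ${escapeHtml(term)}</h1>`;
}

// Test-suite check: true when the response contains the probe verbatim,
// meaning a browser would parse it as markup instead of showing it as text.
function reflectsUnescaped(html, probe) {
  return html.includes(probe);
}

// Run the same probe through both renderers and report the outcome.
function demo() {
  return {
    unsafe: reflectsUnescaped(renderResultsUnsafe(PROBE), PROBE),
    safe: reflectsUnescaped(renderResultsSafe(PROBE), PROBE),
    safeHtml: renderResultsSafe(PROBE),
  };
}

console.log(demo());
```

The encoding shown is correct for text placed in HTML element content; input written into attributes, URLs or inline script needs the encoding for that context.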