Computer Hacking Forensic Investigator (CHFI v10) — Question 396

A major corporation has faced multiple SQL injection attacks on its web application. They have a ModSecurity WAF in place with default settings. However, attacks are still getting through. The forensic investigator recommends a measure to enhance security. What is the most likely recommendation?

Answer options

• A. Customize ModSecurity rules according to their environment
• B. Replace ModSecurity with a next-generation firewall (NGFW)
• C. Install an additional conventional firewall for protection
• D. Implement real-time alerting and extensive logging capabilities

Correct answer: A

Explanation

Customizing ModSecurity rules to fit the specific environment is crucial because default settings may not effectively address unique vulnerabilities. The other options, while potentially useful, do not directly enhance the existing WAF's effectiveness against SQL injection attacks.