Certified Ethical Hacker (CEH v13) — Question 236

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted.
What is the defensive technique employed by Bob in the above scenario?

Answer options

Correct answer: A

Explanation

The correct answer is Whitelist validation, which accepts only predefined entities that are considered safe, such as the approved data type, range, size, and value in the scenario. This method effectively prevents unauthorized access by rejecting anything that is not explicitly permitted. Of the other options, Blacklist validation and Output encoding do not focus on restricting input to a predefined set, and Enforce least privileges pertains to access control rather than input validation.