GIAC Certified Incident Handler (GCIH) — Question 123

An organization needs to protect its PHP web applications from Cross-Site Scripting attacks. Which action should they take?

Answer options

• A. Configure the development API to use parameterized queries
• B. Use a random element when setting session cookies
• C. Configure the application to require two-factor authentication
• D. Use a third party library to filter input to the application

Correct answer: D

Explanation

Using a third party library to filter input is the most effective method to prevent Cross-Site Scripting attacks, as it helps sanitize user input and remove malicious scripts. The other options focus on different security aspects, such as database queries and authentication, which do not directly address the XSS vulnerabilities in input handling.