Certified Information Systems Auditor (CISA) — Question 481

What is the BEST control to address SQL injection vulnerabilities?

Answer options

• A. Digital signatures
• B. Input validation
• C. Unicode translation
• D. Secure Sockets Layer (SSL) encryption

Correct answer: B

Explanation

Input validation is the most effective method to prevent SQL injection by ensuring that only properly formatted data is accepted by the application. The other options, while useful for different security purposes, do not directly address the validation of user input that could lead to SQL injection vulnerabilities.