Certified Information Systems Auditor (CISA) — Question 683

An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would
MOST likely increase the risk of a successful attack by:

Answer options

• A. denial of service (DoS).
• B. phishing.
• C. structured query language (SQL) injection.
• D. buffer overflow.

Correct answer: C

Explanation

Moving validation controls to the client-side makes it easier for attackers to manipulate input before it reaches the server, increasing the risk of SQL injection attacks. Denial of service, phishing, and buffer overflow are not directly related to input validation issues in the same way that SQL injection is.