Certified Cloud Security Professional (CCSP) — Question 331
Which of the following threat types involves the sending of commands or arbitrary data through input fields in an application in an attempt to get that code executed as part of normal processing?
Answer options
- A. Cross-site scripting
- B. Missing function-level access control
- C. Injection
- D. Cross-site forgery
Correct answer: C
Explanation
The correct answer is C, Injection: it refers specifically to inserting malicious data into an application to manipulate its execution. Options A, B, and D describe different types of vulnerabilities. A deals with executing scripts in a different user's browser, B is about unauthorized access due to a lack of controls, and D involves tricking a user into submitting unwanted actions.