Certified Cloud Security Professional (CCSP) — Question 50
Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?
Answer options
- A. Injection
- B. Missing function-level access control
- C. Cross-site scripting
- D. Cross-site request forgery
Correct answer: D
Explanation
Cross-site request forgery (CSRF) is the correct answer because the attacker causes the user's own client to send forged requests, which the application then executes under that user's credentials without their consent. Injection vulnerabilities involve inserting malicious code, while missing function-level access control pertains to inadequate security measures protecting sensitive functions. Cross-site scripting (XSS) is about injecting scripts into web pages, not manipulating requests directly.