Certified Information Systems Security Professional (CISSP) — Question 134
The defense strategy “never trust any input” is MOST effective against which of the following web-based system vulnerabilities?
Answer options
- A. Injection vulnerabilities
- B. Sensitive data exposure
- C. Man-in-the-browser attack
- D. Broken authentication
Correct answer: A
Explanation
The strategy “never trust any input” is primarily aimed at preventing injection vulnerabilities, because it requires all user input to be validated and sanitized before it is processed. It does not directly prevent sensitive data exposure, man-in-the-browser attacks, or broken authentication, which require different security measures.