A penetration tester managed to exploit a vulnerability using the following payload:
IF (1=1) WAIT FOR DELAY '0:0:15'
Which of the following actions would best mitigate this type ol attack?
The payload used by the penetration tester is a type of blind SQL injection attack that delays the response of the database by 15 seconds if the condition is true. This can be used to extract information from the database by asking a series of true or false questions. To prevent this type of attack, the best practice is to use parameterized queries, which separate the user input from the SQL statement and prevent the injection of malicious code. Encrypting passwords, encoding output, and sanitizing HTML are also good security measures, but they do not directly address the SQL injection vulnerability.Reference:
Blind SQL Injection | OWASP Foundation, Description and Examples sections
Time-Based Blind SQL Injection Attacks, Introduction and Microsoft SQL Server sections
Eun
8 months agoLaquanda
7 months agoDean
7 months agoDesire
8 months agoShawana
8 months agoIola
8 months agoJustine
8 months agoNgoc
8 months agoMargot
8 months agoColette
8 months agoLawana
8 months ago