Eccouncil Exam ECSAv10 Topic 4 Question 67 Discussion

Actual exam question for Eccouncil's ECSAv10 exam

Question #: 67
Topic #: 4

Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.

Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phase and will likely require code changes. Pen testers need to perform this testing during the development phase to find and fix the SQL injection vulnerability.

What can a pen tester do to detect input sanitization issues?

ASend single quotes as the input data to catch instances where the user input is not sanitized

BSend double quotes as the input data to catch instances where the user input is not sanitized

CSend long strings of junk data, just as you would send strings to detect buffer overruns

DUse a right square bracket (the '']'' character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization

Show Suggested Answer

Suggested Answer: D

by Aracelis at Apr 21, 2024, 04:06 AM

Limited Time Offer

25%

Off

Get Premium ECSAv10 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Edna

4 days ago

I think the answer is A) Send single quotes as the input data.

upvoted 0 times

...