Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil Exam ECSAv10 Topic 4 Question 67 Discussion

Actual exam question for Eccouncil's ECSAv10 exam
Question #: 67
Topic #: 4
[All ECSAv10 Questions]

Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.

Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phase and will likely require code changes. Pen testers need to perform this testing during the development phase to find and fix the SQL injection vulnerability.

What can a pen tester do to detect input sanitization issues?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Aracelis at Apr 21, 2024, 05:06 AM

Limited Time Offer

25%

Off

Get Premium ECSAv10 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Geoffrey
4 days ago
Ah, the DUAL table - I remember learning about this. I'm confident I can identify the two true statements here.
upvoted 0 times
...
Genevieve
4 days ago
The Electronic Product Code seems like the most detailed and internationally recognized option here. I'm confident that's the right answer.
upvoted 0 times
...
Adell
14 days ago
I'm a bit confused on this one. Is it in the WFM Web for Agents or the WFM Configuration Utility? I'll need to review the WFM documentation to refresh my memory.
upvoted 0 times
...
Catarina
5 months ago
What, no option for ' or 1=1 '? That's the classic, folks. If that doesn't work, I'm just gonna start randomly mashing the keyboard until something breaks. Gotta keep 'em on their toes, right?
upvoted 0 times
...
Annelle
5 months ago
Junk data, huh? Sounds like a job for my special keyboard macro that spits out 10,000 characters in half a second. Bet that'll make the developers' heads spin!
upvoted 0 times
Cory
4 months ago
C) Send long strings of junk data, just as you would send strings to detect buffer overruns
upvoted 0 times
...
Louisa
4 months ago
B) Send double quotes as the input data to catch instances where the user input is not sanitized
upvoted 0 times
...
Lura
5 months ago
A) Send single quotes as the input data to catch instances where the user input is not sanitized
upvoted 0 times
...
...
Felicidad
5 months ago
Double quotes? Really? That's so 2000s. Everyone knows the right square bracket is where it's at these days. Gotta stay on top of the latest techniques, my friend.
upvoted 0 times
Lenna
4 months ago
D) Use a right square bracket (the '']'' character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization
upvoted 0 times
...
Jesusita
5 months ago
B) Send double quotes as the input data to catch instances where the user input is not sanitized
upvoted 0 times
...
Mitsue
5 months ago
A) Send single quotes as the input data to catch instances where the user input is not sanitized
upvoted 0 times
...
...
Edna
6 months ago
Hmm, that makes sense too. It's important to test different types of input data to catch sanitization issues.
upvoted 0 times
...
Berry
6 months ago
I disagree, I believe the correct answer is D) Use a right square bracket as the input data.
upvoted 0 times
...
Aracelis
6 months ago
Ah, the classic SQL injection testing! I'm all over this. Single quotes are the way to go - that's the standard approach to uncover unsanitized input.
upvoted 0 times
Glory
5 months ago
User 2
upvoted 0 times
...
Lamonica
5 months ago
User 1
upvoted 0 times
...
...
Edna
6 months ago
I think the answer is A) Send single quotes as the input data.
upvoted 0 times
...

Save Cancel