
Eccouncil Exam ECSAv10 Topic 7 Question 70 Discussion

Actual exam question for Eccouncil's ECSAv10 exam
Question #: 70
Topic #: 7

A SQL injection attack consists of the insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web application. A successful SQL injection attack can:

i) Read sensitive data from the database

ii) Modify database data (insert/update/delete)

iii) Execute administration operations on the database (such as shutting down the DBMS)

iv) Recover the content of a given file existing on the DBMS file system or write files into the file system

v) Issue commands to the operating system

A pen tester needs to perform various tests to detect SQL injection vulnerabilities. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests, and then test them separately, trying to interfere with the query and to generate an error.

In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

Suggested Answer: D

Contribute your Thoughts:

Selma
4 days ago
I think the correct answer is D) Static Testing. The question states that the source code of the application is tested in a non-runtime environment, which is the definition of static testing.
upvoted 0 times
...
Tesha
8 days ago
I'm not sure, but I think static testing is the best option to detect SQL injection vulnerabilities before runtime.
upvoted 0 times
...
Troy
10 days ago
I agree with Candida, because static testing involves analyzing the source code without executing it.
upvoted 0 times
...
Candida
11 days ago
I think the answer is D) Static Testing.
upvoted 0 times
...
