Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Eccouncil Exam 312-96 Topic 9 Question 31 Discussion

Actual exam question for Eccouncil's 312-96 exam
Question #: 31
Topic #: 9
[All 312-96 Questions]

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Rodolfo at Oct 21, 2024, 09:53 PM

Limited Time Offer

25%

Off

Get Premium 312-96 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Barrett
1 months ago
I bet the developer is just trying to make the code 'edgy' by using Blacklisting. Gotta stay hip, you know? But security should come first, not fashion.
upvoted 0 times
...
Lorean
1 months ago
Seriously, who uses Non-parametrized SQL queries these days? The developer must be living in the stone age or something.
upvoted 0 times
Mable
2 days ago
C) He is trying to use Blacklisting Input Validation
upvoted 0 times
...
Willodean
9 days ago
B) He is trying to use Non-parametrized SQL query
upvoted 0 times
...
Skye
9 days ago
C) He is trying to use Blacklisting Input Validation
upvoted 0 times
...
Mari
12 days ago
B) He is trying to use Non-parametrized SQL query
upvoted 0 times
...
Xochitl
23 days ago
A) He is trying to use Whitelisting Input Validation
upvoted 0 times
...
Julio
1 months ago
A) He is trying to use Whitelisting Input Validation
upvoted 0 times
...
...
Daron
2 months ago
Ah, the old Whitelist vs. Blacklist debate. I'm with John on this one - Blacklisting is a recipe for disaster. Does the developer even know what they're doing?
upvoted 0 times
...
Dell
2 months ago
Parametrized SQL Query is the way to go, my friend. Gotta keep those nasty SQL injections at bay!
upvoted 0 times
Ming
25 days ago
B) He is trying to use Non-parametrized SQL query
upvoted 0 times
...
Onita
28 days ago
A) He is trying to use Whitelisting Input Validation
upvoted 0 times
...
...
Howard
2 months ago
Looks like the developer is trying to use Blacklisting Input Validation, which is a big no-no. Can't believe they're still using that outdated technique!
upvoted 0 times
Quiana
1 months ago
Yes, Blacklisting Input Validation is not secure and can easily be bypassed by attackers.
upvoted 0 times
...
Irma
1 months ago
Developer should be using Parametrized SQL Query instead of Blacklisting Input Validation.
upvoted 0 times
...
...
Gearldine
2 months ago
I believe the correct approach would be to use Parametrized SQL Query for better security.
upvoted 0 times
...
Pamella
2 months ago
I agree with Terrilyn. Non-parametrized SQL queries are vulnerable to SQL injection attacks.
upvoted 0 times
...
Terrilyn
2 months ago
I think the developer made a mistake by using Non-parametrized SQL query.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77