A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue.
Which of the following is the MOST secure solution for the developer to implement?
A. IF $AGE == "!@#%^&*()_+<>?":{}[]" THEN ERROR
B. IF $AGE == [1234567890] {1,3} THEN CONTINUE
C. IF $AGE != "a-bA-Z!@#$%^&*()_+<>?"{}[]"THEN CONTINUE
D. IF $AGE == [1-0] {0,2} THEN CONTINUE
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
B. IF $AGE == [1234567890] {1,3} THEN CONTINUE
Using whitelisting (over blacklisting) is always the most secure way of validation.
I don’t think it’s D Zoolea, because the regx match would be if $AGE==[0-9] – at least in python anyway.
I’d stick with B
D ?