A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

ls -l -a /usr/heinz/public; cat ./config/db.yml

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

system ("ls -l -a #{path}")

Which of the following is an appropriate security control the company should implement?
A. Restrict directory permissions to read-only access.
B. Use server-side processing to avoid XSS vulnerabilities in path input.
C. Separate the items in the system call to prevent command injection.
D. Parameterize a query in the path variable to prevent SQL injection.
answerhappygod
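The logged command and the system call quoted in the question, reproduced in a throwaway directory as an added example (not code from the original post). Open3.capture2e stands in for system so the output can be inspected; it follows the same rule that a single command string goes through the shell while separate arguments do not. The directory contents, the CONSTRUCTED-SECRET value and the function names are assumptions made for the demonstration.

```ruby
require "open3"
require "tmpdir"

# Form from the question: one interpolated string, so Ruby hands the whole
# line to /bin/sh and the shell treats ";" as a command separator.
def list_vulnerable(path)
  Open3.capture2e("ls -l -a #{path}")
end

# Separated form: each argument is its own element, so no shell is started and
# the path reaches ls as a single argv entry. "--" ends option parsing so a
# path beginning with "-" is not read as a flag.
def list_separated(path)
  Open3.capture2e("ls", "-l", "-a", "--", path)
end

# Constructed sandbox mirroring the relative paths seen in the log entry.
def demo
  Dir.mktmpdir do |root|
    Dir.chdir(root) do
      Dir.mkdir("public")
      Dir.mkdir("config")
      File.write("public/index.html", "<h1>hi</h1>\n")
      File.write("config/db.yml", "password: CONSTRUCTED-SECRET\n")

      # Same shape as the logged value of path.
      path = "public; cat ./config/db.yml"
      vuln_out, _vuln_status = list_vulnerable(path)
      safe_out, safe_status = list_separated(path)

      {
        vulnerable_leaks: vuln_out.include?("CONSTRUCTED-SECRET"),
        separated_leaks: safe_out.include?("CONSTRUCTED-SECRET"),
        separated_ok: safe_status.success?, # ls fails: no such directory
        benign_ok: list_separated("public")[1].success?
      }
    end
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

In the separated form the whole value is looked up as one directory name, so ls exits non-zero and the second command never runs.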