Which of the following threat types can occur when an application does not properly validate input and can be leveraged to send users to malicious sites that appear to be legitimate?

A. Unvalidated redirects and forwards

B. Insecure direct object references

C. Security miscomfiguration

D. Sensitive data exposure








 

Suggested Answer: A

Community Answer: A

Many web applications offer redirect or forward pages that send users to different, external sites. If these pages are not properly secured and validated, attackers can use the application to forward users off to sites for phishing or malware attempts. These attempts can often be more successful than direct phishing attempts because users will trust the site or application that sent them there, and they will assume it has been properly validated and approved by the trusted application's owners or operators. Security misconfiguration occurs when applications and systems are not properly configured for security--often a result of misapplied or inadequate baselines. Insecure direct object references occur when code references aspects of the infrastructure, especially internal or private systems, and an attacker can use that knowledge to glean more information about the infrastructure. Sensitive data exposure occurs when an application does not use sufficient encryption and other security controls to protect sensitive application data.

This question is in CCSP Certified Cloud Security Professional Exam
For getting Certified Cloud Security Professional (CCSP) Certificate






Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISC. 
Trademarks, certification & product names are used for reference only and belong to ISC.
The website does not contain actual questions and answers from ISC's Certification Exams.