How should you secure the queries?

Correct Answer for the following Question is given below

You are developing an ASP.NET MVC application that uses forms authentication. The application uses SQL queries that display customer order data.Logs show there have been several malicious attacks against the servers.You need to prevent all SQL injection attacks from malicious users against the application.How should you secure the queries?SQL Injection Prevention, Defense Option 1: Prepared Statements (Parameterized Queries)The use of prepared statements (aka parameterized queries) is how all developers should first be taught how to write database queries. They are simple to write, and easier to understand than dynamic queries. Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.Reference: SQL Injection Prevention Cheat Sheet

Question:

How should you secure the queries?

Options:

Check the input against patterns seen in the logs and other records.

Escape single quotes and apostrophes on all string-based input parameters.

Implement parameterization of all input strings.

Filter out prohibited words in the input submitted by the users.

Correct Answer

The Correct Answer for this Question is

Implement parameterization of all input strings.

Explanation

The Question – How should you secure the queries? has been answered correctly and answers for the question is Implement parameterization of all input strings.

More about these Exams

These Exam Questions and the order of these questions keep changing. but the answers are obviously same. so if you don’t find a question after another we suggest you search it in the search box and we are sure you’ll find it. you can bookmark this site for Quick access in future.

We hope you found it helpful don’t forget to leave a comment if you feel a need to correct or ask we’re always here to help.

you can find more here at mnccertified

Feel free to contact via comment or email.

Happy Learning

Cheers, Team MNCcertified

Leave a Comment