The website http://companywebsite.com requires users to provide personal information, including security question responses, for registration.
Which of the following would MOST likely cause a data breach?
A.
Lack of input validation B.
Open permissions C.
Unsecure protocol D.
Missing patches.
C.
The website http://companywebsite.com requires users to provide personal information, including security question responses, for registration.
Which of the following would MOST likely cause a data breach?
A.
Lack of input validation
B.
Open permissions
C.
Unsecure protocol
D.
Missing patches.
C.
Option C, Unsecure Protocol, is the most likely cause of a data breach in the given scenario. An unsecured protocol means that the communication between the user's browser and the company's web server is not encrypted, leaving the information transmitted vulnerable to interception by attackers.
When users provide personal information and security question responses, it is typically sent over the internet to the company's server. If the website uses an unsecured protocol, such as HTTP, attackers can intercept this communication and steal the sensitive data.
On the other hand, lack of input validation (Option A) means that the website does not check the data provided by users for accuracy, completeness, or safety. This can lead to various issues, such as SQL injection or cross-site scripting attacks, but it is less likely to cause a data breach than an unsecured protocol.
Open permissions (Option B) refer to giving users or processes more access than they need, which can lead to unauthorized access or misuse of data. This is a concern, but it does not relate directly to the security of the website and user data in transit.
Missing patches (Option D) means that the website's software is not up-to-date with the latest security fixes, which can create vulnerabilities that attackers can exploit. However, this is less likely to cause a data breach than an unsecured protocol because attackers would still need to find a way to access the sensitive data through these vulnerabilities.
In summary, an unsecured protocol is the most likely cause of a data breach in the given scenario, as it would allow attackers to intercept sensitive data in transit.