Increased Risk of Attack due to Moving Validation Controls to the Browser

Impact of Moving Validation Controls to the Browser


Question

An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance.

This would MOST likely increase the risk of a successful attack by:

Answers

A. B. C. D.

B.

The correct answer is B. Structured Query Language (SQL) injection.

Explanation:

Validation controls are put in place to ensure that user input is valid, which is a critical part of web application security. Validation controls can be implemented on the server side, which means that the input is checked on the server before it is processed, or on the client side, which means that the input is checked on the user's browser.

Moving validation controls from the server side to the client side can increase the risk of a successful SQL injection attack. SQL injection is a type of attack where an attacker injects malicious SQL code into a web application's input fields, allowing them to access or manipulate the database behind the application.

When validation controls are moved to the browser, it becomes easier for an attacker to bypass them because the validation code is visible to the attacker in the browser's source code. This means that an attacker can modify the validation code or disable it entirely, making it possible to inject malicious SQL code into the web application.

Phishing, denial of service (DoS), and buffer overflow attacks are not directly related to the use of validation controls in a web application. Phishing is a social engineering attack where an attacker attempts to trick a user into giving up sensitive information such as usernames and passwords. DoS attacks attempt to overwhelm a web application with traffic, making it unavailable to users. Buffer overflow attacks attempt to exploit vulnerabilities in a program's memory management system. These attacks can be serious, but moving validation to the browser does not make them more likely in the way it does SQL injection.
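The bypass described in the explanation, as an added example that is not part of the original question: the same lookup written once as a handler that assumes the browser already validated the input, and once with the check re-applied on the server and the value bound as a parameter. The table, function names, username rule and crafted input are assumptions constructed for illustration.

```python
import re
import sqlite3

# Assumed rule: the same pattern the browser-side script enforced.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

# Constructed input, as it would arrive in a request sent directly to the
# server (no browser involved, so the client-side check never runs).
CRAFTED = "nobody' OR '1'='1"


def make_db():
    """Build an in-memory database with two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_trusting_browser(db, username):
    """Handler after validation was moved to the browser: no server-side
    check, and the input is concatenated into the SQL statement."""
    sql = "SELECT email FROM accounts WHERE username = '" + username + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_server_validated(db, username):
    """Handler with the control kept on the server: the rule is re-applied
    and the value is bound as a parameter, never spliced into the SQL."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by server-side validation")
    rows = db.execute("SELECT email FROM accounts WHERE username = ?", (username,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    print("trusting handler, normal input: ", lookup_trusting_browser(db, "alice"))
    print("trusting handler, crafted input:", lookup_trusting_browser(db, CRAFTED))
    try:
        lookup_server_validated(db, CRAFTED)
    except ValueError as exc:
        print("validated handler, crafted input:", exc)
```

Browser-side checks can stay for user experience and fewer round trips; the server-side check and parameter binding are what the auditor should expect to find regardless.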