Protect Against Injection Attacks - Exam 350-901-DEVCOR | Cisco

Two Techniques to Protect Against Injection Attacks

Question

Which two techniques protect against injection attacks? (Choose two.)

Answers

Explanations


A. B. C. D. E.

AE.

Injection attacks occur when malicious users exploit vulnerabilities in an application to inject their own code into it. The two techniques that can protect against injection attacks are input validation and string escaping of user free text and data entry.

Input validation is the process of checking the user's input for correctness and safety. It ensures that only valid data is accepted by the application. By validating the user's input, the application can prevent malicious users from injecting their own code into the system.

String escaping is the process of replacing special characters with their equivalent escape sequences, making them safe to use in the application. This technique prevents malicious users from inserting their own commands or code into the application by escaping the characters that they might use to do so.

Trimming whitespace and limiting text areas to 255 characters do not provide any protection against injection attacks. These techniques are used to improve the application's performance and usability.

Using only dropdowns, checkboxes, and radio buttons also does not protect against injection attacks. These fields can still be manipulated by malicious users if they are not properly validated and escaped.

In summary, input validation and string escaping of user free text and data entry are two techniques that can protect against injection attacks. These techniques ensure that the user's input is safe and prevent malicious users from injecting their own code into the application.
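The following added example (not part of the original page or exam material) shows the two techniques from the explanation on the server side: allow-list validation of a dropdown value and a username, and escaping of free text before it is placed in HTML output. The form fields, role names, and username pattern are assumptions made for illustration, and the escaping shown is specific to the HTML output context.

```python
import html
import re

# Assumed form fields for this example: a "role" dropdown, a username, a free-text comment.
ALLOWED_ROLES = {"viewer", "editor", "admin"}       # the options the dropdown offers
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")   # allow-list of permitted characters


class ValidationError(ValueError):
    """Raised when a submitted field fails server-side validation."""


def validate_role(value: str) -> str:
    # A dropdown only constrains the browser UI; the request can carry any
    # string, so the server re-checks the value against the known options.
    if value not in ALLOWED_ROLES:
        raise ValidationError(f"unexpected role: {value!r}")
    return value


def validate_username(value: str) -> str:
    # fullmatch: the whole value must fit the pattern, not just a prefix.
    if not USERNAME_RE.fullmatch(value):
        raise ValidationError("username contains characters outside the allow-list")
    return value


def trim_and_limit(value: str, limit: int = 255) -> str:
    # Trimming and length limits alone: special characters pass through unchanged.
    return value.strip()[:limit]


def render_comment(username: str, role: str, comment: str) -> str:
    # Validate the structured fields, then escape the free text for HTML output.
    user = validate_username(username)
    checked_role = validate_role(role)
    safe_text = html.escape(trim_and_limit(comment), quote=True)
    return f'<p class="{checked_role}"><b>{user}</b>: {safe_text}</p>'


# Constructed sample input: short, trimmed free text that still carries markup.
SAMPLE_COMMENT = '  <script>alert("x")</script> nice post  '

if __name__ == "__main__":
    print(trim_and_limit(SAMPLE_COMMENT))                     # markup survives trimming
    print(render_comment("alice", "viewer", SAMPLE_COMMENT))  # markup is escaped
```
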