Securing Your Web Application on Oracle Cloud Infrastructure (OCI) - Best Practices

Preventing SQL Injection Attacks on Your OCI Web Application

Question

You have a web application running on Oracle Cloud Infrastructure (OCI) that lets users log in with a username and password.

You notice that an attacker has tried to use the SQL comment '--' to alter the database query, remove the password check and log in as a user.

You decide to prevent any future attacks.

Which of the following OCI services or features would you choose to safeguard your application? (Choose the best answer.)

Answers

Explanations

A. Network Security Group
B. Data Safe
C. Web Application Firewall (WAF)
D. Vault

D.

The best answer to safeguard the web application against SQL injection attacks is C. Web Application Firewall (WAF).

Explanation: SQL injection attacks are one of the most common security vulnerabilities in web applications. In a SQL injection attack, an attacker tries to manipulate the SQL query executed by the application to extract or modify data in the database. In this particular case, the attacker is trying to use SQL comments to remove the password check and log in as a user.

To prevent SQL injection attacks, a web application firewall (WAF) can be used. A WAF is a security solution that monitors and filters traffic between a web application and the internet. It can detect and block attacks like SQL injection by analyzing the incoming traffic and looking for suspicious patterns or signatures.
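The comment-based bypass and the signature check described above, as an added example (not from the original page, and not OCI WAF's actual rule logic). It uses an in-memory SQLite database; the function names, the sample user and the regular expression are assumptions made for illustration.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# Constructed demo data: one user in an in-memory database.
# The password is stored in plaintext only to keep the demo short;
# real systems store a salted password hash.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (username TEXT, password TEXT)")
db.execute("INSERT INTO users VALUES ('alice', 's3cret')")


def login_concat(username, password):
    """Query built by string concatenation: input becomes part of the SQL text,
    so a quote plus '--' in the username comments out the password check."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_bound(username, password):
    """Same query with bound parameters: input is always treated as data."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


# Simplified signature (assumption): a single quote followed by a '--' comment.
SQLI_COMMENT = re.compile(r"'.*--", re.DOTALL)


def waf_allows(raw_form_value):
    """Decode the value the way the application will, then match the signature.
    Matching the raw bytes alone would miss URL-encoded input such as %27%20--."""
    decoded = unquote_plus(raw_form_value)
    return SQLI_COMMENT.search(decoded) is None


if __name__ == "__main__":
    for value in ["alice", "o'brien", "alice' --", "alice%27%20--"]:
        print(f"{value!r:18} waf_allows={waf_allows(value)}")
    print("concat, wrong password:", login_concat("alice' --", "wrong"))
    print("bound,  wrong password:", login_bound("alice' --", "wrong"))
```

A signature this simple would also reject a legitimate value that happens to contain a quote followed by two hyphens, which is why such rules are tuned against real traffic.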

The other options, Network Security Group (A), Data Safe (B), and Vault (D), do not provide specific protection against SQL injection attacks.

Network Security Group is a firewall service that controls inbound and outbound traffic to a virtual cloud network (VCN) or a specific set of resources within the VCN. While it can help secure the infrastructure, it does not provide protection against attacks on the application layer.

Data Safe is a cloud service that helps secure and manage Oracle Databases by identifying and mitigating security risks. While it can provide valuable security features for databases, it does not protect web applications against SQL injection attacks.

Vault is a cloud service that provides a secure location to store and manage cryptographic keys, passwords, and other secrets. It is not designed to protect web applications from SQL injection attacks.

Therefore, the best answer to safeguard the web application against SQL injection attacks is C. Web Application Firewall (WAF).