www.ucertify.com/app/?func=navigate_items&item_sequence=2
Top Highlights
Charles should perform user input validation to strip out any SQL code or other unwanted input. Secure session management can help prevent session hijacking, logging may provide useful information for incident investigation, and implementing TLS (Transport Layer Security) can help protect network traffic, but only input validation helps with the issue described.
Eve is investigating a security incident where the user of a web application submitted an internal URL to the application and tricked the web server into retrieving sensitive data from that URL and displaying it as output. What term best describes this attack?
Server-side request forgery (SSRF) attacks trick a server into visiting a URL (uniform resource locator) based on user-supplied input. SSRF attacks are possible when a web application accepts URLs from a user as input and then retrieves information from that URL. If the server has access to nonpublic URLs, an SSRF attack can unintentionally disclose that information to an attacker.
Question 2: Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns?