Discover the best approach to identify inconsistencies between actual prices and amounts charged in customer order forms. Learn how input validation and dynamic code analysis can help pinpoint the issue caused by web form manipulation.
Question
During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the following would be the best way to locate this issue?
A. Reduce the session timeout threshold.
B. Deploy MFA for access to the web server.
C. Implement input validation.
D. Run a dynamic code analysis.
Answer
C. Implement input validation.
Explanation
The best way to locate the issue of inconsistencies between the actual price of an item and the amount charged to the customer, caused by manipulation of the public-facing web form, is to implement input validation (Option C).
Input validation is a process of ensuring that the data entered by users through web forms or other input fields meets the expected format, length, and content requirements. By implementing strict input validation, the system can reject or sanitize any malicious or unexpected input that could lead to price manipulation.
Input validation can be performed on both the client-side (using JavaScript) and the server-side (using server-side programming languages like PHP, Java, or Python). Client-side validation provides immediate feedback to the user, while server-side validation is essential for security, as client-side validation can be bypassed.
Proper input validation techniques for preventing price manipulation include:
- Numeric validation: Ensure that the price field only accepts numeric values within a specified range.
- Data type validation: Verify that the input matches the expected data type (e.g., integer, float, or decimal).
- Length validation: Limit the input length to prevent buffer overflow attacks or unexpected values.
- Whitelist validation: Only allow specific, pre-approved values for the price field.
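The following server-side handler, an added example that is not part of the original question or explanation, shows how the four techniques above fit together for an order form. The catalog, SKUs, prices and form fields are constructed for illustration. The key design point is that the server never trusts a client-supplied price: the price comes from the server-side catalog (the whitelist), the quantity is type-, range- and length-checked, and the total the browser submitted is only compared against the recomputed total so that a mismatch can be rejected and logged as a tampering indicator.

```python
import re
from decimal import Decimal

# Constructed server-side catalog: SKU -> unit price (hypothetical values).
CATALOG = {
    "SKU-100": Decimal("19.99"),
    "SKU-200": Decimal("249.00"),
}

MAX_QTY = 100                     # business rule: at most 100 units per line
QTY_RE = re.compile(r"\d{1,3}")   # length + data-type validation for quantity
MONEY_RE = re.compile(r"\d{1,8}\.\d{2}")  # length + format validation for money


class ValidationError(ValueError):
    """Raised for any field that fails validation; the message says why."""


def validate_sku(raw):
    # Whitelist validation: only SKUs that exist in the catalog are accepted.
    if not isinstance(raw, str) or raw not in CATALOG:
        raise ValidationError("sku: not in catalog")
    return raw


def validate_quantity(raw):
    # Data-type, length and numeric-range validation for the quantity field.
    if not isinstance(raw, str) or not QTY_RE.fullmatch(raw):
        raise ValidationError("quantity: must be a 1-3 digit integer")
    qty = int(raw)
    if not 1 <= qty <= MAX_QTY:
        raise ValidationError(f"quantity: must be between 1 and {MAX_QTY}")
    return qty


def parse_money(raw):
    # Format validation for a monetary amount: non-negative, two decimal places.
    if not isinstance(raw, str) or not MONEY_RE.fullmatch(raw):
        raise ValidationError("total: must look like 123.45")
    return Decimal(raw)


def validate_order(form):
    """Validate one order line and return the server-computed line.

    Any 'price' field the client sends is deliberately ignored: the unit
    price is looked up server-side, so editing hidden fields cannot change
    what is charged. The submitted total is used only as a tamper check.
    """
    sku = validate_sku(form.get("sku"))
    qty = validate_quantity(form.get("quantity"))
    submitted_total = parse_money(form.get("total"))
    expected_total = CATALOG[sku] * qty
    if submitted_total != expected_total:
        raise ValidationError(
            f"total mismatch: submitted {submitted_total}, expected {expected_total}"
        )
    return {"sku": sku, "quantity": qty, "unit_price": CATALOG[sku], "total": expected_total}


def check_order(form):
    """Return (accepted, detail) so a caller can log rejections as tamper indicators."""
    try:
        return True, validate_order(form)
    except ValidationError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample submissions: one legitimate, one with an edited total.
    good = {"sku": "SKU-200", "quantity": "2", "total": "498.00"}
    tampered = {"sku": "SKU-200", "quantity": "2", "price": "0.50", "total": "1.00"}
    for form in (good, tampered):
        accepted, detail = check_order(form)
        print("ACCEPT" if accepted else "REJECT", detail)
```

In a real deployment the rejection branch would be wired to application logging and alerting, because a submitted total that disagrees with the catalog price is exactly the evidence an audit like the one in the question would want to find.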
While dynamic code analysis (Option D) can help identify vulnerabilities in the application’s source code, it may not directly pinpoint the specific issue of price manipulation through the web form. Reducing the session timeout threshold (Option A) and deploying MFA for access to the web server (Option B) are good security practices but do not directly address the problem of input validation and price manipulation.
CompTIA CySA+ CS0-002 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free and helpful for passing the CompTIA CySA+ CS0-002 exam and earning the CompTIA CySA+ CS0-002 certification.