According to OWASP, injection is an attacker’s attempt to send data to an application in a way that will change the meaning of commands being sent to an interpreter. Which of the following least likely suffers from injection attacks? (Wentz QOTD)
A. File paths
B. LDAP queries
C. Obfuscated binary codes
D. Any program invocation
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Obfuscated binary codes.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
The injection is an attack that embeds malicious input data into a command to mislead an interpreter and compromise the system of interest. Commands processed by an interpreter are typically text-based scripts, so obfuscated binary codes are least likely to be injected in a command.
Reference
根據 OWASP 的說法,注入(injection)是攻擊者試圖以某種方式將數據發送到應用程序,從而改變發送到直譯器(interpreter)的命令的含義。 以下哪項最不可能遭受注入攻擊? (Wentz QOTD)
A. 文件路徑
B. LDAP 查詢
C. 混淆(obfuscated)二進制代碼
D. 任何程序調用