A security analyst is reviewing a web application. If an unauthenticated user tries to access a page in the application, the user is redirected to the login page. After successful authentication, the user is then redirected back to the original page. Some users have reported receiving phishing emails with a link that takes them to the application login page but then redirects to a fake login page after successful authentication. Which of the following will remediate this software vulnerability?
A. Enforce unique session IDs for the application.
B. Deploy a WAF in front of the web application.
C. Check for and enforce the proper domain for the redirect.
D. Use a parameterized query to check the credentials.
E. Implement email filtering with anti-phishing protection.
Answer: C. Check for and enforce the proper domain for the redirect.

Explanation: The application takes the post-login destination from a request parameter (the "return to" URL) and redirects to it without validating it, which is an open (unvalidated) redirect. The phishing link points at the genuine login page with that parameter set to the attacker's site, so the victim sees the real login form and is only sent to the fake one after authenticating. Unique session IDs (A) and parameterized queries (D) address different weaknesses, and a WAF (B) or email filtering (E) only reduces exposure; the fix is to validate the redirect target server-side and only allow relative paths on the application or absolute URLs whose host is the application's own.
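The check behind answer C, as an added example that is not part of the original question bank and not the code of any specific product: a validator for the "return to" parameter that accepts only absolute paths on the application or HTTPS URLs whose host is in an allow-list, and a post-login helper that falls back to a default landing page otherwise. The host name `app.example.com`, the function names, and the default landing page are assumptions for illustration. It goes beyond the single phishing case in the question and also rejects the usual bypasses an attacker tries against a naive domain check (protocol-relative `//evil`, backslash and triple-slash variants, userinfo tricks such as `https://app.example.com@evil`, look-alike subdomains, and non-HTTP schemes).

```python
from urllib.parse import urlparse

# Hosts the application is allowed to redirect to (assumed value for this example).
ALLOWED_HOSTS = {"app.example.com"}
DEFAULT_LANDING = "/"  # where to send the user when the target is rejected


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` is an absolute path on this application
    or an https URL whose host is explicitly allow-listed."""
    if not target:
        return False
    # Control characters or whitespace never belong in a redirect target;
    # they are used to smuggle CRLF or to confuse URL parsers.
    if any(c.isspace() or ord(c) < 0x20 for c in target):
        return False
    # Browsers treat "\" like "/" in URLs, so "/\evil.example" would be
    # followed as "//evil.example". Normalise before parsing so the check
    # sees what the browser will see.
    normalized = target.replace("\\", "/")
    try:
        parsed = urlparse(normalized)
    except ValueError:
        # e.g. malformed IPv6 brackets; anything the parser rejects is rejected here too
        return False

    scheme = parsed.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        # javascript:, data:, vbscript: and similar are never valid targets
        return False

    if parsed.netloc:
        # Absolute or protocol-relative URL: compare the *hostname*, which
        # drops userinfo ("app.example.com@evil.example") and the port, and
        # require an exact allow-list match so "app.example.com.evil.example"
        # does not pass a suffix or substring check.
        host = (parsed.hostname or "").lower()
        if host not in allowed_hosts:
            return False
        # Require an explicit https scheme; this also rejects protocol-relative
        # forms such as "//app.example.com/x", which are easy to confuse with
        # "//evil.example/x" in log review.
        return scheme == "https"

    # No authority component: accept only a single-slash absolute path.
    # "//evil.example" and "///evil.example" are resolved by browsers as
    # external hosts even though urlparse reports no netloc for the latter.
    if not normalized.startswith("/") or normalized.startswith("//"):
        return False
    return True


def post_login_redirect(next_param):
    """Hardened version of the post-login step: redirect to the requested
    page only if it passes validation, otherwise to the default landing page."""
    if is_safe_redirect(next_param):
        return next_param
    return DEFAULT_LANDING


def vulnerable_post_login_redirect(next_param):
    """The behaviour described in the question: the parameter is trusted as-is."""
    return next_param or DEFAULT_LANDING


if __name__ == "__main__":
    # Constructed sample inputs: what the phishing link in the question would carry,
    # plus common bypass attempts against a naive check.
    for candidate in [
        "/dashboard",
        "https://app.example.com/reports?id=7",
        "https://evil.example/login",
        "//evil.example/login",
        "/\\evil.example",
        "///evil.example",
        "https://app.example.com@evil.example/",
        "https://app.example.com.evil.example/",
        "javascript:alert(1)",
    ]:
        print(f"{candidate!r:45} vulnerable -> {vulnerable_post_login_redirect(candidate)!r:40} "
              f"hardened -> {post_login_redirect(candidate)!r}")
```

Two design points worth keeping: compare `hostname` rather than the raw `netloc` so userinfo and port cannot disguise the real host, and use an exact allow-list match rather than `startswith` or `in`, which is how look-alike domains slip through. If the application needs relative paths without a leading slash, resolve them against the application's own origin first and then run the same check on the result.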