CISA Certified Information Systems Auditor – Question1809

Which of the following types of attack works by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs?

A.
format string vulnerabilities
B. integer overflow
C. code injection
D. command injection
E. None of the choices.

Correct Answer: C

Explanation:

Explanation:
Code injection is a technique to introduce code into a computer program or system by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs.