During the security assessment of a new application, a tester attempts to log in to the application but receives the following message: "incorrect password for given username." Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?
A. Set the web page to redirect to an application support page when a bad password is entered.
B. Disable error messaging for authentication.
C. Recognize that error messaging does not provide confirmation of the correct element of authentication.
D. Avoid using password-based authentication for the application.