A security analyst is reviewing a web application. If an unauthenticated user tries to access a page in the application, the user is redirected to the login page. After successful authentication, the user is then redirected back to the original page. Some users have reported receiving phishing emails with a link that takes them to the application login page but then redirects to a fake login page after successful authentication.
Which of the following will remediate this software vulnerability?
A . Enforce unique session IDs for the application.
B . Deploy a WAF in front of the web application.
C . Check for and enforce the proper domain for the redirect.
D . Use a parameterized query to check the credentials.
E . Implement email filtering with anti-phishing protection.
Answer: D
Leave a Reply