A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint.
Which of the following solutions would best help to protect against the attack?
Correct Answer: D
WAF stands for Web Application Firewall, a type of firewall that can monitor, filter and block web traffic to and from web applications. A WAF can protect web applications from common attacks such as cross-site scripting (XSS), SQL injection, directory traversal, buffer overflow and more. A WAF can also enforce security policies and rules that prevent parameter manipulation or tampering by an unknown third party. A WAF is the best solution to help protect against the attack on the web API, as it can inspect the HTTP requests and responses and block any malicious or anomalous activity.

Verified References:
* Other Application Attacks - SY0-601 CompTIA Security+ : 1.3
https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/other-application-attacks/ (See Web Application Firewall)
* CompTIA Security+ SY0-601 Exam Cram
https://www.oreilly.com/library/view/comptia-security-sy0-601/9780136798767/ch03.xhtml (See Web Application Firewall)
* Security+ domain #1: Attacks, threats, and vulnerabilities [updated 2021]
https://resources.infosecinstitute.com/certification/security-domain-1-threats-attacks-and-vulnerabilities/ (See Web application firewall)