Question 25
Domain 3: Infrastructure, Network, and Workload Security
Which technique should be employed FIRST when sanitizing user input to prevent injection attacks in cloud applications?
Correct answer: B
Explanation
Input validation using a whitelist approach is the first defense because it allows only expected characters, formats, or values and rejects everything else. This follows the principle of "deny by default," which reduces the chance that malicious payloads reach cloud application components and trigger injection attacks.
Why each option is right or wrong
A. Output encoding
Output encoding is a necessary complementary control, but it is applied when data is emitted to a downstream interpreter (for example, HTML-escaping before rendering in a browser). It does not stop malformed input from reaching query or command logic in the first place, so it is not the first step.
B. Input validation using whitelist approach
OWASP’s input-validation guidance treats allowlisting as the initial control: define the exact permitted characters, length, format, and range for each field, then reject anything outside those bounds before the data reaches parsing or query logic. In practice, that means the application blocks unexpected metacharacters and payloads at the boundary rather than trying to clean them later, which is why this is the first step against injection in cloud workloads.
C. Blacklisting known malicious patterns
Blacklisting (denylisting) tries to enumerate what is bad instead of what is good. Attackers evade it with case changes, alternate encodings, comment tricks, and payloads the list has never seen, so it is at best a supplementary control, never the primary one.
D. Database query logging
Query logging is a detective control: it records what was executed so that an attack can be investigated afterwards. It prevents nothing and is therefore not a sanitization technique at all.
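As an added example (not part of the original question or its source material), the block below shows what "allowlist first" looks like at an API boundary: each field gets an explicit rule for character set, length, format, and range, unknown fields are rejected, and anything outside those bounds is refused before it can reach a query. A tiny denylist is included alongside it to show the kind of variant that slips past option C but never passes the allowlist. The field names, patterns, and region list are constructed for illustration and are not drawn from any real system.

```python
import re

# Constructed allowlist rules for a hypothetical "get order" endpoint.
# Each rule states exactly what is permitted; everything else is rejected.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")   # lowercase start, 3-32 chars total
ORDER_ID_RE = re.compile(r"[0-9]{1,10}")            # digits only; range checked after parsing
ALLOWED_REGIONS = frozenset({"us-east-1", "eu-west-1", "ap-south-1"})
ORDER_ID_MIN, ORDER_ID_MAX = 1, 9_999_999_999


class ValidationError(ValueError):
    """Raised for any input that falls outside the allowlist."""


def validate_username(value):
    # fullmatch() rejects trailing newlines that a $-anchored match() would let through
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValidationError("username: expected [a-z][a-z0-9_]{2,31}")
    return value


def validate_order_id(value):
    # Check format first, then range, and hand back a typed value (int), not raw text.
    if not isinstance(value, str) or not ORDER_ID_RE.fullmatch(value):
        raise ValidationError("order_id: digits only")
    number = int(value)
    if not ORDER_ID_MIN <= number <= ORDER_ID_MAX:
        raise ValidationError("order_id: out of range")
    return number


def validate_region(value):
    # Fixed set of known values: the simplest possible allowlist.
    if value not in ALLOWED_REGIONS:
        raise ValidationError("region: not a permitted region")
    return value


FIELD_RULES = {
    "username": validate_username,
    "order_id": validate_order_id,
    "region": validate_region,
}


def validate_request(params):
    """Deny by default: unknown keys, missing keys and out-of-spec values all fail.

    Returns a new dict of typed, validated values that downstream code (which should
    still use parameterized queries) can trust.
    """
    unknown = set(params) - set(FIELD_RULES)
    if unknown:
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")
    clean = {}
    for name, rule in FIELD_RULES.items():
        if name not in params:
            raise ValidationError(f"missing field: {name}")
        clean[name] = rule(params[name])
    return clean


def is_accepted(params):
    """Convenience wrapper: True if the request passes the allowlist, else False."""
    try:
        validate_request(params)
        return True
    except ValidationError:
        return False


# Contrast: a denylist of "known bad" tokens, as in option C. Shown only to
# demonstrate how easily it is bypassed; it is not a recommended control.
DENYLIST = ("'", "--", "UNION", "SELECT")


def denylist_passes(value):
    return not any(token in value for token in DENYLIST)


if __name__ == "__main__":
    # Constructed sample requests
    good = {"username": "alice_01", "order_id": "42", "region": "eu-west-1"}
    tampered = {"username": "alice_01", "order_id": "1 uNiOn sElEcT 1", "region": "eu-west-1"}
    print("good request accepted:", is_accepted(good))
    print("tampered passes denylist:", denylist_passes(tampered["order_id"]))
    print("tampered passes allowlist:", is_accepted(tampered))
```

The allowlist does not need to know anything about SQL syntax: "1 uNiOn sElEcT 1" and "1 OR 1=1" are refused simply because an order ID is digits only, while the mixed-case and token-free variants sail past the denylist. Validation at the boundary is the first step, not the only one; the validated values should still go into parameterized queries and be encoded on output.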