Multiple choice technology security

Out of the following which can be considered as user input for which validation is not required

  1. Host Header

  2. Cookie

  3. Referrer Header

  4. None of the above

Reveal answer Fill a bubble to check yourself
D Correct answer
Explanation

ALL user-supplied input requires validation. Host Headers (A) can be used for cache poisoning or injection attacks. Cookies (B) contain user data that attackers can manipulate. Referrer Headers (C) can contain malicious URLs or scripts. Therefore 'None of the above' (D) is correct - there is no user input that can be safely trusted without validation.