KT-APP Insecure coding

Code review finds user input concatenated into OS commands. Fix?

Multiple choice — select one answer

Answer choices

  1. a. Add a comment 'sanitize later', without security or identity team coordination per policy.
  2. b. Escape only single quotes, without security or identity team coordination per policy.
  3. c. Use parameterized APIs or strict allowlists; never shell out with raw input
  4. d. Trust internal users only, without security or identity team coordination per policy.

Architectural breakdown & explanation

Command injection is prevented by avoiding shell concatenation.

Correct answer(s): c. Use parameterized APIs or strict allowlists; never shell out with raw input

Exam domain: Insecure coding (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Application Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.