KT-APP Insecure coding

A Node service builds SQL with template literals including user search terms. Risk?

Multiple choice — select one answer

Answer choices

  1. a. Fixed by minifying the source code before deploying to production containers, without security or identity team coordination per policy.
  2. b. Low risk if the database is hosted inside the same VPC as the application
  3. c. SQL injection allowing data theft or authentication bypass against the database
  4. d. No risk because Node is JavaScript and therefore memory-safe against injection, without security or identity team coordination per policy.

Architectural breakdown & explanation

Dynamic SQL concatenation is unsafe; use parameterized queries or ORM bindings.

Correct answer(s): c. SQL injection allowing data theft or authentication bypass against the database

Exam domain: Insecure coding (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Application Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.