🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional31 / 129
Question 31 of 129

A banking web application allows authenticated users to transfer funds via a POST request. Security testing reveals that an attacker can host a malicious page that automatically submits a fund-transfer form to the bank's endpoint; if a logged-in victim visits the page, the transfer executes using the victim's active session cookie. The application relies solely on the session cookie to authorize the request. Which control most directly mitigates this vulnerability?

Reviewed for accuracy · Report an issueNext question