Kizspy | Question: 7
(Choose 1 answer)
What is the primary difference between whitelisting and blacklisting in the context of mitigating OS Command Injection vulnerabilities?
A. Both whitelisting and blacklisting offer equivalent levels of security and depend on the specific implementation.
B. Whitelisting only allows a predefined set of commands, while blacklisting allows all commands by default but blocks or filters out known unsafe commands.
C. Whitelisting requires less maintenance compared to blacklisting as it only defines a smaller list of permitted commands.
D. Blacklisting is more secure as it prevents the execution of any unknown or potentially malicious command.