Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What practice assists in eradicating broken access control attacks?

  1. Keep session tokens active after logout

  2. Remove session tokens on the server side when the user logs out

  3. Allow access to all users for testing

  4. Disable third-party plugins

The correct answer is: Remove session tokens on the server side when the user logs out

Broken access control attacks are mitigated by managing sessions and permissions correctly, and invalidating session tokens on the server at logout is a core part of that. Deleting the cookie in the browser is not enough: the server still treats the token as a valid session until it is removed from the session store, so a copy obtained earlier (through cross-site scripting, a network capture, or a token leaked into logs or browser history) keeps working until it expires. Invalidating the token on the server the moment the user logs out means a captured token cannot be replayed to act on the user's behalf, which directly reduces the risk of session hijacking. In practice this is combined with an idle and absolute session timeout and with a way to revoke all of a user's sessions after a password change or suspected compromise, because a token that is never cleared remains an open door into an account, which matters most where sensitive data is handled or user actions have significant consequences.

The other options do not improve access control. Keeping session tokens active after logout is the weakness itself, and allowing all users access for testing removes the control entirely. Disabling third-party plugins may reduce the overall attack surface but does not touch session management, so it does not resolve broken access control specifically. The selected practice targets the session-management weakness that broken access control attacks exploit.
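The following is an added example, not part of the original practice question or its explanation, showing why the answer matters. It contrasts a client-only "logout" (the browser forgets the cookie but the server keeps the session) with a server-side logout that deletes the session record, and goes slightly beyond the question by also handling an idle timeout and a revoke-all-sessions operation. The SessionStore class, the hypothetical user names and the TTL value are assumptions made for the demonstration.

```python
"""Server-side session invalidation on logout (added example, not from the page)."""
import secrets
import time

SESSION_TTL_SECONDS = 3600  # assumed idle timeout for the demo; not from the page


class SessionStore:
    """In-memory session table keyed by an opaque random token.

    A real deployment would back this with a shared store (e.g. Redis) so
    that every application node sees the same revocations.
    """

    def __init__(self, ttl=SESSION_TTL_SECONDS):
        self._sessions = {}  # token -> {"user": str, "expires": float}
        self._ttl = ttl

    def login(self, user, now=None):
        """Create a fresh session and return its token (256 bits of randomness)."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "expires": now + self._ttl}
        return token

    def logout(self, token):
        """Server-side invalidation: the token stops working everywhere,
        whether or not the client also deleted its cookie. Returns True if
        a live session was actually removed."""
        return self._sessions.pop(token, None) is not None

    def logout_all(self, user):
        """Revoke every session of a user (password change, suspected
        compromise). Returns the number of sessions removed."""
        tokens = [t for t, s in self._sessions.items() if s["user"] == user]
        for t in tokens:
            del self._sessions[t]
        return len(tokens)

    def user_for(self, token, now=None):
        """Return the authenticated user for a token, or None if the token
        is unknown, revoked, or expired. Expired entries are purged."""
        now = time.time() if now is None else now
        session = self._sessions.get(token)
        if session is None:
            return None
        if session["expires"] <= now:
            del self._sessions[token]
            return None
        return session["user"]


def client_side_only_logout_demo():
    """Weak pattern: the browser discards its cookie, the server keeps the
    session. An attacker who captured the token earlier (XSS, sniffing,
    a token leaked into logs) can still authenticate with it."""
    store = SessionStore()
    token = store.login("alice")      # hypothetical user
    stolen_copy = token               # attacker's captured copy
    # "Logout" happens only in the browser: no call to store.logout().
    return store.user_for(stolen_copy)


def server_side_logout_demo():
    """Hardened pattern: logout removes the session record on the server,
    so the attacker's copy of the token is rejected."""
    store = SessionStore()
    token = store.login("alice")
    stolen_copy = token
    store.logout(token)
    return store.user_for(stolen_copy)


if __name__ == "__main__":
    print("client-side only logout, replayed token ->", client_side_only_logout_demo())
    print("server-side logout, replayed token      ->", server_side_logout_demo())
```

Running the block shows the replayed token still resolving to the user after a client-only logout and resolving to None after a server-side logout. The `now` parameter exists so that expiry can be exercised deterministically; in production the store would simply use the clock.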