An organization was breached via a web application attack to a database in which user...

The described scenario indicates aInjection (i)attack, where the attacker exploitsinsufficient input validationin a web application to manipulate queries. This type of attack falls under the category ofBroken Access Controlbecause:

Improper Input Handling:The application fails to properly sanitize or validate user inputs, allowing malicious commands to execute.

Direct Database Manipulation:Attackers can bypass normal authentication or gain elevated access by injecting code.

OWASP Top Ten 2021:ListsBroken Access Controlas a critical risk, often leading to data breaches when input validation is weak.

Other options analysis:

B. Infection:Typically involves malware, which is not relevant here.

C. Buffer overflow:Involves memory management errors, not manipulation.

D. X-Path:Involves XML query manipulation, not databases.

CCOA Official Review Manual, 1st Edition References:

Chapter 4: Web Application Security:Discusses Injection as a common form of broken access control.

Chapter 9: Secure Coding and Development:Stresses the importance of input validation to prevent i.