Final answer:
Lack of input validation in applications can enable injection attacks, buffer overflows, path traversal attacks, and can also affect authentication and session management, thereby 5. all the mentioned attacks are correct.
Step-by-step explanation:
One type of attack that is enabled by a lack of input validation in applications is an injection attack. This can occur when an attacker sends untrusted data to an interpreter as part of a command or query. The attacker's malicious data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Examples of injection attacks include SQL injection, where attackers manipulate an application to access or modify the data in a database, or script injection, where malicious scripts are injected into websites.
Buffer overflows can also result from inadequate input validation, leading to excess data overflowing into adjacent memory, which could be exploited to execute arbitrary code. Path traversal attacks exploit applications that use user input to access file systems without proper sanitization, potentially allowing attackers to access restricted directories. Lastly, attacks affecting authentication and session management, like improper handling of session tokens, could arise from other security flaws, but they are not directly the result of inadequate input validation.
Therefore, all the attack types mentioned can be facilitated by the lack of input validation, so the correct answer is 5. All of the above. It is essential for developers to perform proper input validation to protect against these vulnerabilities.