Lecture 10: Security
- Created by: Jam_Sheets
- Created on: 25-05-18 12:59
Other questions in this quiz
2. Which of these does not apply to Data Outside?
- The two security measures are Validation & Sanitisation.
- Data Outside refers to the data set in the program (script) by the developers.
- Such data is provided/supplied by the end users, so it is not immutable and it should not be trusted under any circumstances.
- Outside data refers to the data imported to the script from outside of the script. E.g., Form inputs, GET & POST variables, (session) cookie values, database data & config files etc.
3. What is the first step of the Reflected XSS Process?
- When a user clicks on it, their session cookie will be sent to the attacker.
- Construct a link where malicious code is attached as parameters of a valid URL. http://localhost/text.php?name=malicious+code
- Send it through emails, Instant messages, forum/blog posts and convince users to click on it (many people don't check originality of the URL).
- Encode the URL/use URL shortener to hide it.
4. Which of these is not a prevention strategy for an Email Injection?
- PHP Function - String search: stristr()
- PHP Function - Variable Filtering: filter_var()
- Validation - Encode special characters in ISO numeric values.
- Sanitisation - Clean up data before importing them into mail(). For example, check for certain keywords and characters such as "Content-Type", "BCC", "CC", "\r" or "\n" in the email header.
- PHP Function - Regular expression match: preg_match()
5. Which of these is not a prevention strategy for an SQL Injection?
- PHP Function - regular expression: preg_match()
- PHP Function - prepared statement: mysqli_prepare()
- PHP Function - escaping: mysqli_real_escape_string()
- Validation - Typecasting and length check if username & password formats are predefined.
- Sanitisation - Clean up data before importing them into mail().
- Sanitisation - Remove "suspicious" characters.