PHP Security, PHP

PHP Security

Question: Which of the following crypto in PHP returns longest hash value?
A
md5()

B
sha1()

C
crc32()

D
All return same length hash

Note: Not available
1. Report
Question: When attempting to prevent a cross-site scripting attack, which of the following is most important?
A
Not writing Javascript on the fly using PHP

B
Filtering Output used in form data

C
Filtering Output used in database transactions

D
Writing careful Javascript

E
Filtering all input

Note: Not available
1. Report
Question: Which of the following php.ini directives should be disabled to improve the outward security of your application?
A
safe_mode

B
magic_quotes_gpc

C
register_globals

D
display_errors

E
allow_url_fopen

Note: Not available
1. Report
Question: Which of the following list of potential data sources should be considered trusted?
A
None

B
$_ENV

C
$_GET

D
$_COOKIE

E
$_SERVER

Note: Not available
1. Report
Question: What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?
A
None

B
Never trust any data from the user

C
Enable built-in security features such as magic_quotes_gpc and safe_mode

D
Always filter all incoming data

E
Use PHP 5's tainted mode

Note: Not available
1. Report
Question: Consider the following code:

<?php
session_start();

if(!empty($_REQUEST['id'])
&& !empty($_REQUEST['quantity'])) {
$id = scrub_id($_REQUEST['id']);
$quantity = scrub_quantity($_REQUEST['quantity'])
$_SESSION['cart'][] = array('id' => $id,
'quantity' => $quantity)
}

/* .... */

?>
What potential security hole would this code snippet produce?
A
Cross-Site Scripting Attack

B
There is no security hole in this code

C
Code Injection

D
SQL Injection

E
Cross-Site Request Forgery Choose 1 answer

Note: Not available
1. Report
Question: What is the best measure one can take to prevent a cross-site request forgery?
A
Disallow requests from outside hosts

B
Add a secret token to all form submissions

C
Turn off allow_url_fopen in php.ini

D
Filter all output

E
Filter all input

Note: Not available
1. Report
Question: Consider the following code:

<?php
header("Location: {$_GET['url']}");
?>
Which of the following values of $_GET['url'] would cause session fixation?
A
Session Fixation is not possible with this code snippet

B
http://www.zend.com/?PHPSESSID=123

C
PHPSESSID%611243

D
Set-Cookie%3A+PHPSESSID%611234

E
http%3A%2F%2Fwww.zend.com%2F%0D%0ASet-Cookie%3A+PHPSESSID%611234

Note: Not available
1. Report
Question: When implementing a permissions system for your Web site, what should always be done with regards to the session?
A
None

B
You should not implement permission systems using sessions

C
Sessions should be cleared of all data and re-populated

D
The session key should be regenerated

E
The session should be destroyed

Note: Not available
1. Report
Question: A fingerprint of a string can be determined using which of the following?
A
md5()

B
hash()

C
fingerprint()

D
None

E
biomatrix()

Note: Not available
1. Report

First Prev 1 2 Next Last

Question: Which of the following crypto in PHP returns longest hash value?

Question: When attempting to prevent a cross-site scripting attack, which of the following is most important?

Question: Which of the following `php.ini` directives should be disabled to improve the outward security of your application?

Question: Which of the following list of potential data sources should be considered trusted?

Question: What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?

Question: What is the best measure one can take to prevent a cross-site request forgery?

Question: Consider the following code:

<?php
header("Location: {$_GET['url']}");
?>
Which of the following values of $_GET['url'] would cause session fixation?

Question: When implementing a permissions system for your Web site, what should always be done with regards to the session?

Question: A fingerprint of a string can be determined using which of the following?

Question: Which of the following crypto in PHP returns longest hash value?

Question: When attempting to prevent a cross-site scripting attack, which of the following is most important?

Question: Which of the following php.ini directives should be disabled to improve the outward security of your application?

Question: Which of the following list of potential data sources should be considered trusted?

Question: What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?

Question: What is the best measure one can take to prevent a cross-site request forgery?

Question: Consider the following code:<?phpheader("Location: {$_GET['url']}");?> Which of the following values of $_GET['url'] would cause session fixation?

Question: When implementing a permissions system for your Web site, what should always be done with regards to the session?

Question: A fingerprint of a string can be determined using which of the following?

Question: Which of the following `php.ini` directives should be disabled to improve the outward security of your application?

Question: Consider the following code:

<?php
header("Location: {$_GET['url']}");
?>
Which of the following values of $_GET['url'] would cause session fixation?