Encryption and hashing

Assignment Help PHP Web Programming
Reference no: EM133329

QUESTION 1

(a) What is the difference between encryption and hashing?
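The distinction the question is after, as an added example (not part of the original question sheet): a hash is one-way and salted, so it is what you store for passwords, while encryption is reversible by anyone holding the key. The function names, the sample password and the use of PHP's bundled sodium extension for the encryption side are assumptions made for this example.

```php
<?php
// Added example: hashing versus encryption in PHP.

// Hashing: one-way. password_hash() picks a random salt and a slow algorithm
// (bcrypt by default) and embeds both in the result, so the same password
// hashes to a different string every time and can only be *verified*, never
// recovered.
function store_password(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_password(string $password, string $stored_hash): bool {
    return password_verify($password, $stored_hash);
}

// Encryption: two-way. sodium_crypto_secretbox is authenticated encryption
// (XSalsa20-Poly1305); the plaintext comes back for anyone with the key,
// which is exactly why it is the wrong tool for storing passwords.
function encrypt_secret(string $plaintext, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);   // fresh per message
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

function decrypt_secret(string $encoded, string $key): ?string {
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        return null;
    }
    $nonce      = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    return $plain === false ? null : $plain;   // false = wrong key or tampered data
}

// Constructed demonstration values.
$password = 'correct horse battery staple';
$hash     = store_password($password);
echo "stored hash          : $hash\n";
echo "verify right password: ", var_export(check_password($password, $hash), true), "\n";
echo "verify wrong password: ", var_export(check_password('wrong', $hash), true), "\n";
echo "second hash identical: ", var_export($hash === store_password($password), true), "\n";

$key    = sodium_crypto_secretbox_keygen();   // 32 random bytes, kept server-side
$token  = encrypt_secret('upstream-api-credential', $key);
echo "decrypt with key     : ", var_export(decrypt_secret($token, $key), true), "\n";
echo "decrypt with other   : ", var_export(decrypt_secret($token, sodium_crypto_secretbox_keygen()), true), "\n";
```

Running it shows the two properties that matter for the answer: the right password verifies while a second hash of the same password is a different string (random salt), and the encrypted credential is recovered only with the original key and fails cleanly with any other. Requires PHP 7.2 or later for the sodium functions.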

(b) Why is it not always possible to use a whitelist-based approach to input validation?

(c) What are the most important steps you would recommend for securing a new web server and a new web application?

(d) A core security requirement that virtually any application needs to meet is controlling users' access to its data and functionality.

(i) Briefly outline the three interrelated security mechanisms that most web applications use to handle user access.

(ii) Why are an application's mechanisms for handling user access only as strong as the weakest of these components?

(e) The core security problem faced by web applications arises in any situation where an application must accept and process untrusted data that may be malicious. In the case of web applications, however, several factors have combined to exacerbate the problem and explain why so many web applications on the Internet today do such a poor job of addressing it. Briefly outline these key problem factors.

QUESTION 2

(a) Describe a potential security problem when using "$_REQUEST['var']" in PHP instead of the dedicated superglobal.
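The problem in concrete terms, as an added example (not part of the original question sheet): $_REQUEST is built by merging $_GET, $_POST and $_COOKIE in the order set by php.ini's request_order (the php.ini-production default is "GP", later sources overwriting earlier ones), so a handler that reads $_REQUEST cannot tell which channel a value came from. The build_request() helper re-creates that merge for a chosen order so the effect can be shown without editing php.ini; the simulated request and the action allowlist are constructed for the example.

```php
<?php
// Added example: $_REQUEST['var'] versus the dedicated superglobal.

// Constructed request: the form POSTed action=view, but the URL also carries
// ?action=delete and a stale cookie carries action=export.
$_GET    = ['action' => 'delete'];
$_POST   = ['action' => 'view'];
$_COOKIE = ['action' => 'export'];

// Re-create PHP's own merge for a given request_order string ("GP", "PG",
// "GPC", ...). Later letters overwrite earlier ones, as array_merge does.
function build_request(string $order): array {
    $sources = ['G' => $_GET, 'P' => $_POST, 'C' => $_COOKIE];
    $merged  = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_merge($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Weak: the handler has no idea where the value originated. Depending on
// configuration, a link the victim clicks (GET) or a cookie an attacker was
// able to set can override the value the form actually submitted, and an
// action that was designed to need a POST body becomes triggerable from a
// plain URL.
function action_from_request(string $request_order): string {
    $req = build_request($request_order);
    return $req['action'] ?? 'none';
}

// Hardened: read the channel the feature was designed for, require the HTTP
// method that goes with it, and allowlist the value.
function action_from_post(string $method): ?string {
    if ($method !== 'POST' || !isset($_POST['action'])) {
        return null;
    }
    $allowed = ['view', 'export', 'delete'];
    return in_array($_POST['action'], $allowed, true) ? $_POST['action'] : null;
}

foreach (['GP', 'PG', 'GPC'] as $order) {
    printf("request_order=%-3s  \$_REQUEST['action'] = %s\n", $order, action_from_request($order));
}
printf("\$_POST, method POST  action = %s\n", action_from_post('POST') ?? 'rejected');
printf("\$_POST, method GET   action = %s\n", action_from_post('GET') ?? 'rejected');
```

With "GP" the POSTed value wins; with "PG" the URL parameter overrides the form; with "GPC" the cookie overrides both. Only the explicit $_POST reader returns the value the form sent, and only for a POST.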

(b) Describe two ways to implement sessions in HTTP. State the advantages and disadvantages of each method.

(c) An application developer wants to stop an attacker from performing brute-force attacks against the login function. Because the attacker may target multiple usernames, the developer decides to store the number of failed attempts in an encrypted cookie, blocking any request if the number of failed attempts exceeds five. How can this defence be bypassed?
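The scheme, its bypass and a counter that does not share the flaw, as an added example (not part of the original question sheet). The cookie here really is tamper-proof (authenticated encryption with a random nonce), which makes the point sharper: the weakness is not the cryptography but the fact that the client decides whether to present the cookie at all. The credentials, the key handling and the in-memory lockout store are assumptions constructed for the example.

```php
<?php
// Added example: failure counter in an encrypted cookie, and its bypass.

$key = sodium_crypto_secretbox_keygen();   // the server's cookie-encryption key

function issue_counter_cookie(int $failures, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox((string)$failures, $nonce, $key));
}

function read_counter_cookie(?string $cookie, string $key): int {
    if ($cookie === null) return 0;                     // no cookie => "no failures yet"
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) return 0;
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    return $plain === false ? 0 : (int)$plain;          // forged/garbled cookie => 0 as well
}

function credentials_ok(string $user, string $pass): bool {
    return $user === 'alice' && $pass === 'hunter2';    // constructed; stands in for a DB check
}

// The developer's scheme: block once the cookie says failures >= 5.
// Returns [status, cookie the server would Set-Cookie back].
function login_cookie_scheme(string $user, string $pass, ?string $cookie, string $key): array {
    $failures = read_counter_cookie($cookie, $key);
    if ($failures >= 5) return ['blocked', $cookie];
    if (credentials_ok($user, $pass)) return ['ok', issue_counter_cookie(0, $key)];
    return ['bad', issue_counter_cookie($failures + 1, $key)];
}

// Bypass: the counter lives in the client. The attacker never returns the
// cookie (or replays the first one received), so every attempt is judged
// with failures = 0 and the block never triggers.
function brute_force_cookie_scheme(array $guesses, string $key): array {
    $tried = 0;
    foreach ($guesses as $g) {
        $tried++;
        [$status] = login_cookie_scheme('alice', $g, null, $key);   // cookie withheld
        if ($status === 'blocked') return ['blocked_after' => $tried];
        if ($status === 'ok')      return ['found' => $g, 'after' => $tried];
    }
    return ['exhausted' => $tried];
}

// Fix: keep the counter where the client cannot discard it. Keyed by account
// here; in production also throttle per source address and add a delay, since
// a pure per-account lockout lets an attacker lock legitimate users out.
function login_server_counter(string $user, string $pass, array &$store): string {
    $rec = $store[$user] ?? ['count' => 0, 'locked_until' => 0];
    if ($rec['locked_until'] > time()) return 'locked';
    if (credentials_ok($user, $pass)) { unset($store[$user]); return 'ok'; }
    $rec['count']++;
    if ($rec['count'] >= 5) $rec['locked_until'] = time() + 15 * 60;   // 15-minute lockout
    $store[$user] = $rec;
    return 'bad';
}

$guesses = ['123456', 'password', 'qwerty', 'letmein', 'welcome', 'admin', 'hunter2'];
print_r(brute_force_cookie_scheme($guesses, $key));

$store = [];
foreach ($guesses as $g) {
    echo str_pad($g, 10), ' ', login_server_counter('alice', $g, $store), "\n";
}
```

Against the cookie scheme the seven-guess list reaches the correct password without ever being blocked; against the server-side counter the sixth and seventh guesses are answered with "locked" regardless of what the client sends.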

(d) Consider the following piece of PHP code:

<?php
session_regenerate_id();
$_SESSION['logged_in'] = TRUE;
?>

Explain the purpose of the above code.

(e) Explain the idea behind the CSRF attack. Give an example of how such an attack can be performed.
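A worked attack and the token check that defeats it, as an added example (not part of the original question sheet). The browser attaches the victim's cookies to any request sent to bank.example, including one triggered from an attacker's page; the defence is a per-session secret that the attacker's page cannot read because of the same-origin policy. The bank URL, field names, the array standing in for $_SESSION and the credentials are assumptions constructed for the example.

```php
<?php
// Added example: CSRF attack page, vulnerable handler, token-protected handler.

// 1. Attacker's page on some other site. When a logged-in victim loads it, the
//    form auto-submits and the browser adds bank.example's session cookie.
$attacker_page = <<<'HTML'
<html><body onload="document.forms[0].submit()">
<form action="https://bank.example/transfer.php" method="POST">
  <input type="hidden" name="to"     value="attacker-account">
  <input type="hidden" name="amount" value="1000">
</form>
</body></html>
HTML;

// 2. Vulnerable handler: a valid session cookie is all it asks for.
function transfer_vulnerable(array $session, array $post): string {
    if (empty($session['user'])) return 'not logged in';
    return "transferred {$post['amount']} to {$post['to']} for {$session['user']}";
}

// 3. Synchronizer token: random, stored in the session, embedded in the
//    site's own forms, and required on every state-changing request.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

function transfer_protected(array $session, array $post): string {
    if (empty($session['user'])) return 'not logged in';
    $sent = $post['csrf'] ?? '';
    // hash_equals: constant-time comparison, no timing leak on the token.
    if (empty($session['csrf']) || !hash_equals($session['csrf'], $sent)) {
        return 'rejected: missing or invalid CSRF token';
    }
    return "transferred {$post['amount']} to {$post['to']} for {$session['user']}";
}

// The form bank.example itself renders carries the token as a hidden field.
function render_transfer_form(array &$session): string {
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<form method="POST" action="/transfer.php">'
         . '<input type="hidden" name="csrf" value="' . $t . '">'
         . '<input name="to"><input name="amount"><button>Send</button></form>';
}

// Constructed scenario: victim is logged in, attacker's form posts only to/amount.
$session = ['user' => 'victim'];
$forged  = ['to' => 'attacker-account', 'amount' => '1000'];
echo "forged, vulnerable : ", transfer_vulnerable($session, $forged), "\n";
echo "forged, protected  : ", transfer_protected($session, $forged), "\n";

// Legitimate submission from the site's own form includes the token.
echo "form served        : ", render_transfer_form($session), "\n";
$legit = $forged + ['csrf' => $session['csrf']];
echo "legit, protected   : ", transfer_protected($session, $legit), "\n";
```

The forged request goes through the first handler and is rejected by the second, while the submission that carries the token from the site's own form succeeds. Setting the session cookie with SameSite=Lax or Strict (session_set_cookie_params(['samesite' => 'Lax']) in PHP 7.3 and later) is a worthwhile second layer, but it does not replace the token.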

(f) Someone designing an application for which security is at all important must assume that it will be directly targeted by dedicated and skilled attackers. A key function of the application's security mechanisms is being able to handle and react to these attacks in a controlled way. Briefly outline the typical measures implemented to handle attackers.

QUESTION 3

(a) What is the difference between persistent cookies and session cookies?

(b) You have found an SQL injection vulnerability but have been unable to carry out any useful attacks, as the application rejects any input containing whitespace. How can you work around this restriction?

(c) You have submitted a single quotation mark at numerous locations throughout an application. From the resulting error messages you have diagnosed several potential SQL injection flaws. Which one of the following would be the safest location to test whether more crafted input has an effect on the application's processing, explaining your reasons?

(i) Registering a new user

(ii) Updating your personal details

(iii) Unsubscribing from the service

(d) Briefly outline the different techniques and measures that can be employed to prevent SQL injection attacks.
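An added example (not part of the original question sheet) that serves both (b) and (d): it runs a login query against an in-memory SQLite database, shows two injection payloads that contain no whitespace character at all and therefore pass the filter from (b), and contrasts the concatenated query with the parameterised one that is the primary defence asked about in (d). The table, the rows, the filter implementation and the function names are constructed for the example; it needs the pdo_sqlite extension.

```php
<?php
// Added example: whitespace-free SQL injection versus a prepared statement.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)');
$db->exec("INSERT INTO users (name, pass) VALUES ('alice', 's3cret'), ('bob', 'pa55')");

// The application's "defence": reject any input containing whitespace.
function rejects_whitespace(string $input): bool {
    return preg_match('/\s/', $input) === 1;
}

// Vulnerable login: the input becomes part of the SQL text.
function login_vulnerable(PDO $db, string $name, string $pass): array {
    if (rejects_whitespace($name) || rejects_whitespace($pass)) {
        return [];                               // filtered out
    }
    $sql = "SELECT id, name FROM users WHERE name = '$name' AND pass = '$pass'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed login: parameterised query. The input is sent to the engine as data
// and can never change the structure of the statement, whatever it contains.
function login_fixed(PDO $db, string $name, string $pass): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name AND pass = :pass');
    $stmt->execute([':name' => $name, ':pass' => $pass]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Payloads without a single whitespace byte:
//   /**/   an inline comment is a token separator in every common dialect
//   ( )    parentheses let the parser split tokens without spaces
//   --     comments out the rest of the statement (SQLite; MySQL needs "#"
//          here because its "--" comment requires a following space)
$payloads = [
    "x'/**/OR/**/1=1--",
    "x'OR(1=1)--",
];

foreach ($payloads as $p) {
    echo "payload: $p\n";
    echo "  rejected by whitespace filter : ", rejects_whitespace($p) ? 'yes' : 'no', "\n";
    echo "  rows from concatenated query  : ", count(login_vulnerable($db, $p, 'whatever')), "\n";
    echo "  rows from prepared statement  : ", count(login_fixed($db, $p, 'whatever')), "\n";
}
```

Both payloads pass the filter and make the concatenated query return every user, while the prepared statement returns nothing because it is looking for a user literally named "x'OR(1=1)--". The other measures usually listed for (d), allowlist validation of fields that cannot be parameterised (table names, ORDER BY columns), a least-privilege database account and generic error pages, complement prepared statements rather than replace them.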

(e) What is a Cross-Site Scripting (XSS) attack? Identify the two main categories of this type of attack and outline the consequences of such an attack.

QUESTION 4

(a) Why can identifying all sources of user input sometimes be challenging when reviewing a PHP application?

(b) Briefly describe the session fixation attack and outline the mechanisms that can be employed to defend against this attack.
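An added example (not part of the original question sheet) serving both this question and Question 2(d): a session fixation attack simulated against an in-memory session store, alongside the login that regenerates the session ID and destroys the old one, which is what session_regenerate_id(true) followed by $_SESSION['logged_in'] = TRUE achieves in the snippet from Question 2(d). The SessionStore class, the credentials and the way the attacker plants the ID are constructed for the example; in a real application the store is PHP's session handler.

```php
<?php
// Added example: session fixation and regeneration on privilege change.

final class SessionStore {
    private array $data = [];                       // session id => session data
    public function newId(): string { return bin2hex(random_bytes(16)); }
    public function load(string $id): array { return $this->data[$id] ?? []; }
    public function save(string $id, array $s): void { $this->data[$id] = $s; }
    public function destroy(string $id): void { unset($this->data[$id]); }
}

function credentials_ok(string $user, string $pass): bool {
    return $user === 'victim' && $pass === 'hunter2';   // constructed credentials
}

// Fixable login: whatever session ID the client arrived with is the one that
// becomes authenticated, so an ID the attacker chose is now a logged-in session.
function login_fixable(SessionStore $store, string $id, string $user, string $pass): string {
    $s = $store->load($id);
    if (credentials_ok($user, $pass)) {
        $s['logged_in'] = true;
        $s['user'] = $user;
    }
    $store->save($id, $s);
    return $id;                                     // client keeps the same ID
}

// Safe login: mint a fresh ID at the moment privilege changes and destroy the
// old one, exactly as session_regenerate_id(true) does for PHP sessions.
function login_safe(SessionStore $store, string $id, string $user, string $pass): string {
    $s = $store->load($id);
    if (credentials_ok($user, $pass)) {
        $store->destroy($id);                       // the attacker-known ID dies here
        $id = $store->newId();
        $s['logged_in'] = true;
        $s['user'] = $user;
    }
    $store->save($id, $s);
    return $id;
}

function whoami(SessionStore $store, string $id): string {
    $s = $store->load($id);
    return !empty($s['logged_in']) ? $s['user'] : 'anonymous';
}

// Scenario: the attacker obtains a session ID (or, where the server accepts
// arbitrary IDs, makes one up), plants it in the victim's browser (a link
// carrying the ID when use_trans_sid is on, or a cookie set from a sibling
// subdomain or via XSS), then waits for the victim to log in with it.
$store = new SessionStore();

$planted = $store->newId();
$store->save($planted, []);
login_fixable($store, $planted, 'victim', 'hunter2');
echo "fixable login: attacker presenting planted ID is ", whoami($store, $planted), "\n";

$planted = $store->newId();
$store->save($planted, []);
$victim_id = login_safe($store, $planted, 'victim', 'hunter2');
echo "safe login   : attacker presenting planted ID is ", whoami($store, $planted), "\n";
echo "safe login   : victim presenting new ID is       ", whoami($store, $victim_id), "\n";
```

With the fixable login the planted ID is the victim's authenticated session; with the safe login it is dead and only the freshly issued ID, which the attacker never saw, is logged in. In real PHP the regeneration belongs together with session.use_strict_mode=1 (IDs the server did not issue are refused), session.use_only_cookies=1 and session.use_trans_sid=0 (no IDs in URLs), and HttpOnly, Secure and SameSite flags on the session cookie.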

(c) The architecture components Linux, Apache, MySQL, and PHP are often found installed on the same physical server. Why can this weaken the security posture of the application's architecture?

(d) Outline the list of best practices that should be enforced when file uploads are allowed on websites and web applications (consider Apache/PHP platforms).
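The upload practices for (d) applied in code, as an added example (not part of the original question sheet): server-side size check, extension allowlist on the last extension only, content sniffing with finfo instead of the client-supplied MIME type, a server-chosen random filename, storage outside DocumentRoot and non-executable permissions. The upload directory, size limit, allowlist and the sample files are assumptions constructed for the example; the validation part is separated out so it can be exercised on ordinary files from the command line.

```php
<?php
// Added example: upload handler for Apache/PHP.

const UPLOAD_DIR = '/var/app/uploads';   // outside DocumentRoot: never served directly
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'pdf' => 'application/pdf'];

// Checks that do not depend on how the file arrived. Returns null when the
// file is acceptable, otherwise the reason for rejecting it.
function validate_file(string $tmp_path, string $client_name): ?string {
    if (filesize($tmp_path) > MAX_BYTES) return 'too large';
    // Last extension only, lower-cased: "shell.php.png" is judged as png and
    // "x.PHP" is not a way around an allowlist of lower-case names.
    $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) return "extension '$ext' not allowed";
    // Sniff the content; $_FILES['x']['type'] comes from the client and is untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp_path);
    if ($mime !== ALLOWED[$ext]) return "content is $mime, expected " . ALLOWED[$ext];
    return null;
}

// Full handler for one entry of $_FILES, e.g. handle_upload($_FILES['document']).
function handle_upload(array $file): array {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'reason' => 'upload error ' . $file['error']];
    }
    if (!is_uploaded_file($file['tmp_name'])) {     // really arrived via HTTP POST
        return ['ok' => false, 'reason' => 'not an uploaded file'];
    }
    if (($why = validate_file($file['tmp_name'], $file['name'])) !== null) {
        return ['ok' => false, 'reason' => $why];
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    // Server-chosen random name: the client's filename never reaches the path,
    // which rules out traversal ("../../etc/cron.d/job") and overwriting.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return ['ok' => false, 'reason' => 'could not store file'];
    }
    chmod($dest, 0640);                              // readable by the app, never executable
    return ['ok' => true, 'path' => $dest];
}

// Constructed samples to exercise validate_file() without a web server.
function minimal_png(): string {                     // PNG signature + a valid IHDR chunk
    $ihdr = pack('NNCCCCC', 1, 1, 8, 2, 0, 0, 0);
    return "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR' . $ihdr . pack('N', crc32('IHDR' . $ihdr));
}
$samples = [
    'photo.png'     => minimal_png(),
    'shell.php'     => "<?php system(\$_GET['c']); ?>",
    'shell.php.png' => "<?php system(\$_GET['c']); ?>",  // extension passes, content does not
];
foreach ($samples as $name => $content) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $content);
    printf("%-15s -> %s\n", $name, validate_file($tmp, $name) ?? 'accepted');
    unlink($tmp);
}
```

Only the genuine PNG is accepted; the .php file fails the allowlist and the .php.png file fails the content check. Files must be served back through a script that sets a fixed Content-Type, Content-Disposition: attachment and X-Content-Type-Options: nosniff rather than by a direct URL. If uploads have to live under DocumentRoot, disable execution there in the Apache configuration, for example a <Directory> block for the upload path with php_admin_flag engine off and Options -ExecCGI -Indexes, because Apache's handler-by-extension matching can otherwise execute a file such as shell.php.png.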

(e) Secure coding techniques are general guidelines that can be used to improve software security regardless of the programming language used for development. Briefly outline some of the secure coding guidelines.
