Question 1a what is the disparity between encryption and

Reference no: EM13349379

QUESTION 1

(a) What is the difference between encryption and hashing?

(b) Why is it not always possible to use a whitelist-based approach to input validation?

(c) What are the most important steps you would recommend for securing a new web server and a new web application?

(d) A central security requirement that virtually any application needs to meet is controlling users' access to its data and functionality.

(i) Briefly outline the three interrelated security mechanisms that most web applications use to control user access.

(ii) Why are an application's mechanisms for handling user access only as strong as the weakest of these components?

(e) The core security problem faced by web applications arises in any situation where an application must accept and process untrusted data that may be malicious. In the case of web applications, however, several factors have combined to exacerbate the problem and explain why so many web applications on the Internet today do such a poor job of addressing it. Briefly outline these key problem factors.

QUESTION 2

(a) Describe a potential security problem with using "$_REQUEST['var']" in PHP instead of the dedicated superglobal.

(b) Give two ways to implement sessions over HTTP. State the advantages and disadvantages of each method.

(c) An application developer wants to stop an attacker from performing brute-force attacks against the login function. Because the attacker may target multiple usernames, the developer decides to store the number of failed attempts in an encrypted cookie, blocking any request if the number of failed attempts exceeds five. How can this defence be bypassed?

(d) Consider the following piece of PHP code:

<?php
session_start();                // a session must be active before its ID can be regenerated
session_regenerate_id();        // issue a new session ID in place of the one the client arrived with
$_SESSION['logged_in'] = TRUE;  // mark the session as authenticated
?>

Explain the purpose of the above code.

(e) Explain the idea behind the CSRF attack. Give an example of how such an attack can be performed.

(f) Anyone designing an application for which security is at all important must assume that it will be directly targeted by dedicated and skilled attackers. A key role of the application's security mechanisms is to handle and react to these attacks in a controlled way. Briefly outline the measures typically implemented to handle attackers.

QUESTION 3

(a) What is the difference between persistent cookies and session cookies?

(b) You have found an SQL injection vulnerability but have been unable to carry out any useful attacks, as the application rejects any input containing whitespace. How can you work around this restriction?

(c) You have submitted a single quotation mark at numerous locations throughout an application. From the resulting error messages you have diagnosed several potential SQL injection flaws. Which one of the following would be the safest location to test whether further crafted input affects the application's processing? Explain your reasoning.

(i) Registering a new user

(ii) Updating your personal details

(iii) Unsubscribing from the service

(d) Briefly outline the different techniques and measures that can be employed to prevent SQL injection attacks.

(e) What is the Cross-Site Scripting (XSS) attack? Identify the two main categories of this type of attack and outline the consequences of such an attack.

QUESTION 4

(a) Why can identifying all sources of user input sometimes be challenging when reviewing a PHP application?

(b) Briefly describe the session fixation attack and outline the mechanisms that can be employed to defend against it.
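As an added illustration for Questions 2(d) and 4(b), not part of the assignment or of any marked solution: a login handler that regenerates the session ID at the moment of authentication and hardens the session cookie. The user store, the form field names and the /account redirect are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Cookie attributes must be set before session_start() to take effect.
session_set_cookie_params([
    'lifetime' => 0,      // a session cookie: discarded when the browser closes
    'path'     => '/',
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',  // not sent on most cross-site requests
]);
session_start();

// Hypothetical credential check against password_hash() values in $store.
function credentialsValid(string $user, string $password, array $store): bool
{
    if (!isset($store[$user])) {
        return false;
    }
    return password_verify($password, $store[$user]);
}

// Promote the current session to "logged in" under a fresh identifier.
function promoteSession(string $user): void
{
    // Regenerate before storing the authenticated state: the ID the client
    // arrived with (possibly chosen by someone else) is deleted server-side
    // and a new one is issued, so a fixed ID never becomes a logged-in one.
    session_regenerate_id(true);
    $_SESSION = [];                  // drop anything stored before login
    $_SESSION['logged_in'] = true;
    $_SESSION['user']      = $user;
}

// Constructed user store for the example; real code would query a database.
$userStore = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];

$user = (string)($_POST['user'] ?? '');
$pass = (string)($_POST['pass'] ?? '');

if (credentialsValid($user, $pass, $userStore)) {
    promoteSession($user);
    header('Location: /account');    // redirect so the POST is not replayed on refresh
    exit;
}
http_response_code(401);
echo 'Login failed';
```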

(c) The architecture components Linux, Apache, MySQL and PHP are often found installed on the same physical server. Why can this weaken the security posture of the application's architecture?

(d) Outline the best practices that should be enforced when file uploads are allowed on websites and web applications (consider Apache/PHP platforms).

(e) Secure coding techniques are general guidelines that can be used to improve software security regardless of the programming language used for development. Briefly outline some of the secure coding guidelines.

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd