18 quizzes found.

When attempting to prevent a cross-site scripting attack, which of the following is most important?

  1. Not writing Javascript on the fly using PHP
  2. Filtering Output used in form data
  3. Filtering Output used in database transactions
  4. Writing careful Javascript
  5. Filtering all input

Choose 1 answers

Which of the following php.ini directives should be disabled to improve the outward security of your application?

  1. safe_mode
  2. magic_quotes_gpc
  3. register_globals
  4. display_errors
  5. allow_url_fopen

Choose 4 answers

Which of the following list of potential data sources should be considered trusted?

  1. None of the above
  2. $_ENV
  3. $_GET
  4. $_COOKIE
  5. $_SERVER

Choose 1 answers

What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?

  1. None of the above
  2. Never trust any data from the user
  3. Enable built-in security features such as magic_quotes_gpc and safe_mode
  4. Always filter all incoming data
  5. Use PHP 5's tainted mode

Choose 1 answers

What potential security hole would this code snippet produce?


   && !empty($_REQUEST['quantity'])) {
  $id = scrub_id($_REQUEST['id']);
  $quantity = scrub_quantity($_REQUEST['quantity'])
  $_SESSION['cart'][] = array('id' => $id,
                              'quantity' => $quantity)

/* .... */

  1. Cross-Site Scripting Attack
  2. There is no security hole in this code
  3. Code Injection
  4. SQL Injection
  5. Cross-Site Request Forgery

Choose 1 answers