
IT WS05 – WEB SECURITY REVIEWER

THREE ISSUES AT THE HEART OF COMPUTER SECURITY:

1. Secrets
2. Scarce Resources
3. Good netizenship

FIVE GOOD HABITS OF A SECURITY-CONSCIOUS DEVELOPER:

1. Nothing is 100% secure.
2. Never trust user input.
3. Defense in depth is the only defense.
4. Simpler is easier to secure.
5. Peer review is critical to security.

STRATEGIES FOR VALIDATING USER INPUT IN PHP:

1. SECURE PHP’S INPUTS BY TURNING OFF GLOBAL VARIABLES (register_globals = Off in php.ini; the directive was removed in PHP 5.4, but the variable-declaration habit below still applies)
2. DECLARE VARIABLES
3. ALLOW ONLY EXPECTED INPUT
4. CHECK INPUT TYPE, LENGTH, AND FORMAT
a. Checking Type
i. Strings
1. is_string()
ii. Numbers
1. is_int()
2. gettype()
3. intval()
4. (int) variable
5. settype()
iii. TRUE and FALSE
1. is_bool()
b. Checking Length
i. strlen()
c. Checking Format
5. SANITIZE VALUES PASSED TO OTHER SYSTEMS.
a. Metacharacters
b. Email Addresses and Email
c. HTTP Header Values
d. Database Queries
e. HTML Output
f. Shell Arguments
g. Testing Input Validation
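
The five strategies above applied to one request, as an added example that is not part of the reviewer. The request arrays are constructed stand-ins for $_GET/$_POST, and the function names (collectExpected, validate, redirectUrl, logSearchCommand) are my own, not names from the course material.

```php
<?php
// Added example, not from the reviewer: the five validation strategies
// applied to one request. The sample request arrays below are constructed
// stand-ins for $_GET/$_POST; the function names are my own.

// 1/2. Declare your variables. With register_globals (removed in PHP 5.4)
// an attacker could set $admin just by adding ?admin=1 to the URL; an
// explicit assignment makes the value yours regardless.
$admin = 0;

// 3. Allow only expected input: name the keys you want and copy exactly
// those out of the GPC array. Anything else (e.g. ?admin=1) is dropped.
function collectExpected(array $source, array $expected): array
{
    $clean = [];
    foreach ($expected as $key) {
        $clean[$key] = $source[$key] ?? null;
    }
    return $clean;
}

// 4. Check type, length and format. Every form value arrives as a string,
// so "type" means "does the string parse as the type we want". Returns a
// list of problems; an empty list means the input is acceptable.
function validate(array $in): array
{
    $errors = [];

    // user_id: digits only, then range. ctype_digit() rejects "42 OR 1=1".
    if (!is_string($in['user_id']) || !ctype_digit($in['user_id'])) {
        $errors[] = 'user_id must be a positive integer';
    } elseif (strlen($in['user_id']) > 10 || (int) $in['user_id'] < 1) {
        $errors[] = 'user_id out of range';
    }

    // nickname: length cap first (cheap, and it stops oversized payloads
    // aimed at buffers or CPU), then a strict character allowlist.
    if (!is_string($in['nickname']) || strlen($in['nickname']) > 32) {
        $errors[] = 'nickname missing or longer than 32 bytes';
    } elseif (!preg_match('/^[A-Za-z0-9_]+$/', $in['nickname'])) {
        $errors[] = 'nickname contains characters outside [A-Za-z0-9_]';
    }

    // start_date: exact format, then a calendar check. strtotime() alone is
    // too forgiving here (it rolls 2024-02-30 over into March), so pair the
    // regex with checkdate().
    if (!is_string($in['start_date'])
        || !preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $in['start_date'], $m)
        || !checkdate((int) $m[2], (int) $m[3], (int) $m[1])) {
        $errors[] = 'start_date must be a real YYYY-MM-DD date';
    }

    // reminder: free text meant for strtotime(); reject what it cannot parse.
    if ($in['reminder'] !== null
        && (!is_string($in['reminder']) || strtotime($in['reminder']) === false)) {
        $errors[] = 'reminder is not a recognisable time expression';
    }

    return $errors;
}

// 5. Sanitize values passed to other systems: the same nickname needs a
// different treatment for each destination.
function redirectUrl(string $nickname): string
{
    // urlencode() also encodes CR and LF, so a value like "x\r\nSet-Cookie: ..."
    // cannot smuggle an extra header into a Location: line.
    return '/profile.php?nick=' . urlencode($nickname);
}

function logSearchCommand(string $nickname): string
{
    // escapeshellarg() single-quotes the value and escapes embedded quotes,
    // so shell metacharacters such as ; | $ ` are passed as plain text.
    return 'grep ' . escapeshellarg($nickname) . ' /var/log/app.log';
}

// Constructed sample requests.
$expected = ['user_id', 'nickname', 'start_date', 'reminder'];
$requests = [
    'good' => ['user_id' => '42', 'nickname' => 'alice_01',
               'start_date' => '2024-02-29', 'reminder' => 'next monday',
               'admin' => '1'],                       // dropped: not expected
    'bad'  => ['user_id' => '42 OR 1=1', 'nickname' => str_repeat('A', 5000),
               'start_date' => '2024-02-30', 'reminder' => 'banana'],
];
foreach ($requests as $label => $request) {
    $in = collectExpected($request, $expected);
    $errors = validate($in);
    printf("%s: %s\n", $label, $errors ? implode('; ', $errors) : 'accepted');
}
echo redirectUrl("bob\r\nSet-Cookie: session=attacker"), "\n";
echo logSearchCommand("bob'; rm -rf / #"), "\n";
```

Run with `php validate.php`: the "good" request is accepted with its stray admin key silently dropped, while every field of the "bad" request is reported. The order of checks inside validate() matters: length is tested before the regular expression so that a multi-kilobyte payload is rejected before any pattern matching runs on it.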

PREVENTING SQL INJECTION

1. DEMARCATE EVERY VALUE IN YOUR QUERIES
2. CHECK THE TYPES OF USERS’ SUBMITTED VALUES
3. ESCAPE EVERY QUESTIONABLE CHARACTER IN YOUR QUERIES (mysql_real_escape_string() for the legacy mysql extension, which was removed in PHP 7.0; mysqli_real_escape_string() or PDO::quote() on current PHP)
4. ABSTRACT TO IMPROVE SECURITY
a. Retrofitting an Existing Application
b. Securing a New Application
c. Full Abstraction
5. TEST YOUR PROTECTION AGAINST INJECTION
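
The five SQL injection strategies side by side, as an added example that is not part of the reviewer. It assumes the pdo_sqlite extension and uses an in-memory SQLite database so it runs offline; the table, the rows, the attack string and the function names are all constructed for this demonstration. The reviewer's mysql_real_escape_string() belongs to the old mysql extension removed in PHP 7.0, so PDO::quote() stands in as the escaping call and prepared statements stand in as the "full abstraction" layer; the same code runs against MySQL with a mysql: DSN.

```php
<?php
// Added example, not from the reviewer: one login lookup written three
// ways (concatenated, escaped, prepared) against an in-memory SQLite
// database through PDO. Assumes the pdo_sqlite extension. Passwords are
// stored in plaintext here purely to keep the injection demonstration short.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)');
$db->exec("INSERT INTO users (name, pass) VALUES ('alice', 'secret'), ('bob', 'hunter2')");

// Vulnerable: the values are demarcated with quotes (strategy 1) but never
// escaped, so a quote inside $name closes the literal and the rest is SQL.
function loginVulnerable(PDO $db, string $name, string $pass): array
{
    $sql = "SELECT name FROM users WHERE name = '$name' AND pass = '$pass'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Strategy 3: escape every questionable character. PDO::quote() returns the
// value already wrapped in quotes with any embedded quotes doubled.
function loginEscaped(PDO $db, string $name, string $pass): array
{
    $sql = 'SELECT name FROM users WHERE name = ' . $db->quote($name)
         . ' AND pass = ' . $db->quote($pass);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Strategy 4: abstraction. Placeholders keep the value out of the SQL text
// entirely; the driver sends it separately, so quotes are just data.
function loginPrepared(PDO $db, string $name, string $pass): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = ? AND pass = ?');
    $stmt->execute([$name, $pass]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Strategy 2: check the type before the value gets near a query. An id that
// is not all digits is rejected without touching the database.
function userById(PDO $db, string $rawId): ?string
{
    if (!ctype_digit($rawId)) {
        return null;
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([(int) $rawId]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Strategy 5: test your protection. Constructed attack input: a tautology
// followed by a comment marker that discards the password check.
$evilName = "alice' OR '1'='1' -- ";
$tests = [
    'concatenated' => loginVulnerable($db, $evilName, 'wrong'),
    'escaped'      => loginEscaped($db, $evilName, 'wrong'),
    'prepared'     => loginPrepared($db, $evilName, 'wrong'),
    'legit'        => loginPrepared($db, 'alice', 'secret'),
];
foreach ($tests as $label => $rows) {
    printf("%-13s %s\n", $label, $rows ? implode(', ', $rows) : '(no rows)');
}
var_dump(userById($db, '1'));
var_dump(userById($db, '1 OR 1=1'));
```

With the concatenated query the attack string turns the WHERE clause into a tautology and every user comes back without a valid password; the escaped and prepared forms treat the same string as an ordinary (non-existent) user name. The type check in userById() is the cheap outer layer of the defense in depth: it stops the malformed id before the abstraction layer has to.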

STRATEGIES FOR PREVENTING CROSS-SITE SCRIPTING (XSS)

1. ENCODE HTML ENTITIES IN ALL NON-HTML OUTPUT

a. htmlentities() - PHP’s htmlentities() function translates every character that has an HTML entity equivalent into that entity, so injected markup is displayed literally instead of being interpreted by the browser. Call it with ENT_QUOTES and the page’s character set so that single quotes inside attribute values are encoded as well.

2. SANITIZE ALL USER-SUBMITTED URLS

a. parse_url() - PHP’s parse_url() function splits a URI into an associative array of parts. This makes it easy to check what the scheme key points to (something allowable like http: or ftp:, or something impermissible like javascript:). Note that parse_url() only parses: it returns FALSE for a badly malformed URI, omits the scheme key entirely for a relative URI, and returns the scheme exactly as typed, so lower-case it and compare it against an allowlist rather than a blocklist.

3. USE A PROVEN XSS FILTER ON HTML INPUT
4. DESIGN A PRIVATE API FOR SENSITIVE TRANSACTIONS
5. PREDICT THE ACTIONS YOU EXPECT FROM USERS
6. TEST FOR PROTECTION AGAINST XSS ABUSE
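
Encoding HTML entities and allowlisting URL schemes together, as an added example that is not part of the reviewer. The helper names (h, safeLink, renderLink) and the attack strings are my own constructions.

```php
<?php
// Added example, not from the reviewer: encode untrusted text for HTML
// output and allowlist the scheme of user-submitted URLs before emitting a
// link. The sample inputs are constructed; the function names are my own.

// Strategy 1: encode for HTML. ENT_QUOTES also encodes the single quote
// (needed inside single-quoted attributes); naming the charset keeps
// malformed multi-byte sequences from being passed through unencoded.
function h(string $text): string
{
    return htmlentities($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Strategy 2: parse_url() splits the URL so the scheme can be checked
// against an allowlist. It returns false for badly malformed input and has
// no 'scheme' key for relative URLs; the scheme is compared lower-cased so
// "JavaScript:" does not slip past. Returns null when no link may be emitted.
function safeLink(string $url, array $allowed = ['http', 'https', 'ftp']): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), $allowed, true)) {
        return null;
    }
    return $url;
}

// Both together: href and link text are user-supplied. A rejected URL
// degrades to plain encoded text instead of a link.
function renderLink(string $url, string $label): string
{
    $safe = safeLink($url);
    if ($safe === null) {
        return h($label);
    }
    return '<a href="' . h($safe) . '">' . h($label) . '</a>';
}

// Constructed inputs: one honest link, three attack attempts.
$cases = [
    ['https://example.org/', 'home'],
    ['javascript:alert(1)', 'click me'],
    ['JavaScript:alert(1)', 'mixed case scheme'],
    ['https://example.org/', '<script>alert(1)</script>'],
];
foreach ($cases as [$url, $label]) {
    echo renderLink($url, $label), "\n";
}
// Attribute breakout attempt: the quote and the single quotes are encoded.
echo '<input value="' . h('" onmouseover="alert(\'xss\')') . '">', "\n";
```

The javascript: URLs are rendered as text only, regardless of case, and the script tag in the label is emitted as entities that the browser shows rather than executes. Relative URLs are also refused by safeLink() because they carry no scheme; an application that needs them should add an explicit rule for paths beginning with "/" rather than loosen the scheme check.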
REVIEW QUESTIONS:

1. ________ is often thought of as a simple matter of keeping private data private.
a. Secrets c. Privacy
b. Computer security d. Confidentiality
2. Choose the option that is NOT one of the three issues at the heart of computer security.
a. Good netizenship c. Integrity
b. Scarce resources d. Secrets
3. How do we neutralize the global variable $admin by declaring it, in order to secure a PHP input?
a. $admin = 0; c. $admin = “FALSE”;
b. $admin = “OFF”; d. $admin = “TRUE”;
4. Is declaring a variable in advance a good practice for security?
a. NO c. MAYBE
b. YES d. NONE OF THE ABOVE
5. It is one of the STRATEGIES FOR VALIDATING USER INPUT: explicitly list the variables that you expect to receive on input, and copy them out of the GPC arrays ($_GET, $_POST, $_COOKIE) programmatically rather than manually.
a. ALLOW ONLY EXPECTED INPUT c. DECLARE VARIABLES
b. CHECKING TYPE d. CHECKING FORMAT
6. ________ are the easiest type of value to validate in PHP.
a. INT c. STRING
b. BOOLEAN d. FLOAT
7. This is the default data type of all form entries in PHP.
a. INT c. STRING
b. BOOLEAN d. FLOAT
8. Choose the option that is NOT a way to check whether a value is an integer.
a. is_int() c. gettype() == “integer”
b. strlen() d. (int) value
9. What is the ultimate generic test for determining whether a value is a number or not?
a. settype(value, ‘integer’) c. gettype() == “integer”
b. is_numeric() d. (int) value
10. Which function verifies that a value actually is either TRUE or FALSE?
a. settype(value, ‘boolean’) c. gettype() == “bool”
b. is_bool() d. strlen()
11. Which function is used to check the length of a string?
a. CheckLength() c. gettype() == “length”
b. is_length() d. strlen()
12. It is one of the STRATEGIES FOR VALIDATING USER INPUT; applying it helps prevent buffer overflow and denial-of-service attacks.
a. ALLOW ONLY EXPECTED INPUT c. CHECKING LENGTH
b. CHECKING FORMAT d. CHECKING TYPE
13. It is one of the STRATEGIES FOR VALIDATING USER INPUT; it is important to validate against this to ensure that your application runs smoothly and safely.
a. ALLOW ONLY EXPECTED INPUT c. CHECKING LENGTH
b. CHECKING FORMAT d. CHECKING TYPE
14. It is the best way to escape a wide range of dangerous characters.
a. magic_quotes_gpc c. htmlspecialchars()
b. addslashes() d. mysql_real_escape_string()
15. This is a sensitive kind of data, because it represents a pathway between your server and the outside world.
a. Client c. Server
b. Email address d. Confidentiality
16. These are also known as “proxies”.
a. intermediate HTTP servers c. intermediate localhost
b. localhost d. HTTP
17. For HTTP header values, any user input used in a Location: redirect should be encoded using
a. Codeurl() c. urlencode()
b. Is_url() d. HTTPurl()
18. What is an attack that tricks the user’s browser into leaking the value of her credentials or cookies?
a. XSS c. CSRF
b. Denial of Service d. SQL injection
19. ________ have special meaning to the operating system while also being perfectly normal characters that could easily appear in user input.
a. HTTP header values c. Metacharacters
b. Shell arguments d. Email address
20. What is your most treasured resource?
a. Assets c. Data
b. Money d. Bank Account
21. Your primary goal in writing scripts to access that data should be
a. to earn money c. to sell your users’ data
b. to protect your users’ data d. to be a programmer
22. ________ are designed to promote the convenient access and manipulation of their data.
a. Databases c. Security
b. Scripts d. Assets
23. An attacker substitutes his own destructive commands in place of yours. This act of substitution is called
a. SQL c. XSS
b. Securing d. Injection
24. The primary source of SQL injection attempts is
a. Expected form entry c. Unexpected form entry
b. Form data d. Length of form entry
25. What is most appropriate if you have an existing application that you wish to harden?
a. simple abstraction layer c. Difficult abstraction layer
b. Intermediate abstraction layer d. Unexpected abstraction layer
26. What is the correct function to check whether an expected time or date is valid?
a. Checktime() c. strtotime()
b. Validatetime() d. inttotime()
27. What is the term for attempts to insert malicious SQL instructions into a database query that is executed out of public view?
a. CSRF attack c. XSS
b. SQL injection d. DoS attack
28. Attempts to insert malicious markup or JavaScript code into values that are subsequently displayed in a web page. This malicious code attempts to take advantage of a user’s trust in a website by tricking him (or his browser) into performing some action or submitting some information to another, untrusted site.
a. CSRF attack c. XSS
b. SQL injection d. DoS attack
29. The most basic and obvious of XSS attacks is the
a. insertion of HTML and CSS content c. insertion of SQL content
b. insertion of JavaScript content
30. Another XSS technique finds an attacker forging URIs that carry out some action on your site when an authenticated user unwittingly clicks them. This is known as a
a. URL action c. forged image action
b. forged action
31. This function will translate all characters with HTML entity equivalents into those entities, thus rendering them harmless.
a. htmlspecialchars() c. htmlentities()
b. mysql_real_escape_string()
32. What is the correct PHP function for displaying the setting/configuration on your PHP server?
a. Phpconfig() c. settings()
b. Config() d. phpinfo()
33. What is the name of the file for setting the configuration of your PHP server, where you can set directives such as register_globals?
a. config.ini c. php.ini
b. setting.ini d. directives.ini
34. What is the correct syntax for disabling the display of errors in PHP?
a. display_errors(1) c. disable_errors()
b. display_errors(0) d. directives.ini
35. What is the correct PHP function for getting the type of a variable in PHP?
a. settype() c. is_int()
b. gettype() d. is_integer()
36. What is the correct PHP function for preventing SQL injection in PHP?
a. real_escape_string() c. sql_escape_string()
b. mysql_real_escape_string() d. sql_real_escape_string()
37. What is the meaning of the acronym XSS?
a. Extra-Site Scripting c. Cross-Site Scripting
b. Extreme-Site Scripting d. Hack-Site Scripting
38. What is the correct PHP function that will split a URI into an associative array of parts?
a. split_url() c. url_assoc()
b. parse_url()
