Encryption and hashing

Assignment Help PHP Web Programming
Reference no: EM133329

QUESTION 1

(a) What is the disparity between encryption and hashing?

(b) Why is it not always probable to use a white list-based approach to input validation?

(c) What are the most significant steps you would advise for securing a new web server and a new web application?

(d) A central safekeeping prerequisite that virtually any application needs to meet is controlling users' access to its data and functionality.

(i) Briefly outline the trio of interrelated safekeeping mechanisms that most web applications use to lever user access.

(ii) Why are an application's mechanisms for handling user access merely as brawny as the weakest of these components?

(e) The core safekeeping problem faced by web applications occurs in any situation where an application must agree to and process untrusted data that may be malicious. On the other hand, in the case of web applications, several issues have united to exacerbate the problem and give details why so many web applications on the Internet today do such a poor job of addressing it. Briefly sketch these key problem factors.

QUESTION 2

(a) Provide a potential safekeeping problem when using "$_REQUEST ['var']" in PHP in its place of the dedicated super global.

(b) Provide two ways to implement sessions in HTTP. State the benefits and disadvantages of each method.

(c) An application developer wants to stop an attacker from performing brute force attacks against the login function. For the reason that the attacker may target multiple usernames, the developer come to a decisions to store the number of failed efforts in an encrypted cookie, blocking any request if the number of unsuccessful efforts exceeds five. How can this defence be bypassed?

(d) Think about the following piece of PHP code:

<?php
session_regenerate_id();
$_SESSION['logged_in'] = TRUE;
?>

Give details for the purpose of the above code?

(e) Explicate the idea behind the CSRF attack? Give an instance of how such an attack can be performed.

(f) Someone designing an application for which safekeeping is remotely imperative must presuppose that it will be directly targeted by dedicated and skilled attackers. A key role of the application's safekeeping mechanisms is being able to handle and react to these attacks in a controlled way. Briefly outline the likely measures implemented to handle attackers.

QUESTION 3

(a) What is the differentiation between persistent cookies and session cookies?

(b) You have found SQL injection vulnerability but have been unable to carry out any useful assaults, as the application rejects any input containing whitespace. How can you work roughly this restriction?

(c) You have accepted a single quotation mark at numerous locations right through an application. From the resulting error communications you have diagnosed several potential SQL injection faults. Which one of the subsequent would be the safest location to test whether more crafted input has an effect on the application's processing, explaining your causatives?

(i) Registering a new user

(ii) Updating your personal details

(iii) Unsubscribing from the service

(d) Briefly draw round the different techniques and measures that can be employed to prevent SQL injection attacks

(e) What is the Cross Site Scripting (XSS) attack? Identify the two main categories of this type of attack and outline the outcomes of such an attack.

QUESTION 4

(a) Why can spot out all sources of user input for a moment be challenging when reviewing a PHP application?

(b) Briefly describe the session fixation attack and outline the mechanisms that can be employed to survive this attack.

(c) The architecture mechanism Linux, Apache, MySQL, and PHP are often bring into being installed on the same physical server. Why can this weaken the safekeeping posture of the application's architecture? (d) Chart the list of best practices that should be enforced when file uploads is allowed on websites and web applications (consider Apache/PHP platforms)

(e) Protected coding techniques are general guidelines that can be used to improve software safekeeping no matter what programming language is used for development. Briefly draw round some of the secure coding guidelines.

Reference no: EM133329

Questions Cloud

Mobile wireless networks : 3G Safekeeping model, safekeeping architecture standards ITU-T X.805 and ISO/IEC 18028-2, access points (AP), network admission controller (NAC) and authentication server (AS)
Critically examine the scope of marketing analysis : Critically examine the scope of Marketing Analysis that a company needs to undertake in the development of a Marketing Strategy (b) The effectiveness of a Marketing Plan is dependent on segmenting, targeting, differentiation and positioning proce..
The different bases of market segmentation : The stages of the product life cycle The promotional mixes The different bases of market segmentation
What is customer relationship management : What is Customer Relationship Management and Give two major differences between CRM and eCRM
Encryption and hashing : securing a new web server and a new web application, input validation, CSRF attack, SQL injection vulnerability, Cross Site Scripting (XSS) attack, architecture mechanism Linux, Apache, MySQL, and PHP,
Discuss the role that loyalty programmes play : Discuss the role that Loyalty Programmes play in customer relationship development Using extensive theories, critically discuss the effectiveness of loyalty schemes in building customer loyalty in customer relationship programmes at Super U
Access control list : DNS Cache Poisoning attack, Turtle Shell Architecture,
Why might a best fit approach be more helpful : What are the severe limitations of the best practice approach What is meant by the best fit approach to the design and development of a human resource strategy Why might a best fit approach be more helpful
Define service recovery : Define service recovery Discuss the impact of the service recovery efforts on customer loyalty

Reviews

Write a Review

PHP Web Programming Questions & Answers

  Random integral numbers based on normal distribution

Prepare a system to generate random integral numbers based on normal distribution. Study Data Generator's structure and extend number generation type to activate normal distribution.

  Shopping cart program for web applications class

Shopping Cart program for web applications class. Allows user to browse while keeping track of the items in which they will purchase at the end on the order page link and this will give a final price for all items.

  Create a web site for an apple farm

Create a web site for an apple farm. Create an HTML5 form allowing visitors to create an account with the site. Account details are to be stored in your MySQL database. Information should be stored in a secure way.

  Develop a dynamic website open university

Develop a dynamic website Open University

  Sample website project

This website consists of three sections: a narrative, a storyboard, and a business Website.

  Online banking application

Designing and developing a web applications The company you are working has secured a contract with a local banking group to develop an ONLINE BANKING APPLICATION using PHP and MySQL.

  Design a dynamic database

Design a dynamic database using Mangodb, html , and php.

  Show the accessibility and usability of website

The webpage must have several menus about country Azerbaijan such as "About Azerbaijan" "History" "Geography" "Landscape" and "Accessibility" menu.

  Implement a web application

Implement a web application called CS320Starter, which is similar to the crowd funding platform Kickstarter where people raise funds for their projects.

  Prepare an ajax enabled web form

Prepare an AJAX enabled web form utilising a ListView control that will allow logged-in staff to list, edit, delete, insert magazine details for magazines from a selected magazine category.

  Create a very simple order system as a web application

Create a very simple Order System as a web application.

  Which of the following jsp expressions is valid

A JSP expression can contain any Java expression that evaluates to a String object, Java object, primitive type, primitive type or Java object

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd