CSRF attacks primarily target which aspect of a web application?

  • User Sessions
  • Database Structure
  • User Credentials
  • Cross-Origin Resource Sharing (CORS)
CSRF (Cross-Site Request Forgery) attacks exploit the user's active session: the attacker's page causes the victim's browser to send a state-changing request to the target site, and the browser attaches the session cookie automatically, so the request executes with the victim's authentication. The attacker never learns the credentials or the session ID; the defence is to make the request itself unforgeable (anti-CSRF tokens, Origin checks, SameSite cookies).

Which of the following is NOT a recommended practice for secure session management?

  • Storing sensitive data in sessions
  • Using secure and HTTP-only cookies
  • Implementing session timeout
  • Generating random and unpredictable session IDs
Storing sensitive data in sessions is not a recommended practice for secure session management. The client should hold only the opaque session ID cookie, and the server-side session should hold only what the application needs to identify the user (such as a user ID), not secrets like passwords, card numbers, or long-lived tokens. Session storage is often shared (file-based sessions in a common directory, a cache server, or backups), so anything placed there is exposed if that storage leaks.

How can you prevent session fixation attacks in PHP?

  • Regenerate session ID after login
  • Use HTTPS to encrypt session data
  • Use secure cookies
  • Implement strong password policies
In a session fixation attack the attacker does not guess the ID; they plant a session ID they already know in the victim's browser (for example via a URL parameter or an injected cookie) and wait for the victim to log in with it. Regenerating the session ID with session_regenerate_id(true) immediately after successful authentication discards the planted ID, so the attacker's copy is no longer tied to the authenticated session. Enabling session.use_strict_mode so PHP rejects IDs it did not issue closes the same hole from the other side.

Which PHP configuration directive determines where session files are stored on the server?

  • session.save_path
  • session.cookie_lifetime
  • session.gc_probability
  • session.use_strict_mode
The 'session.save_path' directive determines the directory where PHP writes session files when the default files handler is used. It matters for security as well as administration: on shared hosts the default (often /tmp) is readable by other users, so it should point to a directory outside the web root that only the PHP process can read.
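The three session questions above (no sensitive data in the session, regenerate the ID on login, control where session files live) fit together in one setup. The following is an added example, not code from the quiz; the save path and the caller that provides the user ID are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hardened session configuration for PHP 7.3+/8.x.
// Assumption: /var/lib/php/sessions/app is a private directory owned by the PHP user,
// outside the web root, so other tenants on the host cannot read session files.
ini_set('session.save_path', '/var/lib/php/sessions/app');
ini_set('session.use_strict_mode', '1');   // reject session IDs the server never issued
ini_set('session.use_only_cookies', '1');  // never accept the ID from a URL parameter
ini_set('session.gc_maxlifetime', '1800'); // server-side cleanup of sessions idle > 30 min

session_set_cookie_params([
    'lifetime' => 0,        // session cookie: gone when the browser closes
    'path'     => '/',
    'secure'   => true,     // only transmitted over HTTPS
    'httponly' => true,     // not readable from JavaScript
    'samesite' => 'Lax',    // not sent on cross-site POSTs
]);
session_start();

const IDLE_TIMEOUT_SECONDS = 1800;

// Enforce an application-level idle timeout independent of garbage collection timing.
function enforce_idle_timeout(): void
{
    if (isset($_SESSION['last_seen'])
        && time() - (int) $_SESSION['last_seen'] > IDLE_TIMEOUT_SECONDS) {
        $_SESSION = [];
        session_destroy();
        session_start(); // fresh, anonymous session
    }
    $_SESSION['last_seen'] = time();
}

// Call only after credentials have been verified by the caller.
function login_user(int $userId): void
{
    // Fixation defence: issue a new ID and delete the old session file (the `true`
    // argument), so an ID the attacker planted before login is worthless afterwards.
    session_regenerate_id(true);
    // Store a reference to the user, never the password or payment data.
    $_SESSION['user_id']   = $userId;
    $_SESSION['last_seen'] = time();
}

function logout_user(): void
{
    $_SESSION = [];
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_destroy();
}
```

Call enforce_idle_timeout() on every request after session_start(), and login_user() from the authentication handler once the password check has passed; regenerating the ID before the check would not help, since the attacker's ID would simply be replaced with one they can re-plant.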

In PHP, which exception is thrown if there's an error during JSON encoding?

  • JsonException
  • ParseException
  • EncodingException
  • JsonEncodeError
In PHP 7.3 and later, json_encode() (and json_decode()) throws a JsonException on error, but only when the JSON_THROW_ON_ERROR flag is passed. Without the flag, json_encode() returns false and json_decode() returns null, and the reason is available only through json_last_error() and json_last_error_msg(); code that forgets to check for false can end up writing the literal string "false" or an empty body where data was expected. Passing the flag and catching JsonException is the safer pattern, since a failure cannot then be silently mistaken for a valid result. The exception's getCode() carries the JSON_ERROR_* constant (for example JSON_ERROR_UTF8 for malformed UTF-8 input).
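The difference between the legacy return-value behaviour and JSON_THROW_ON_ERROR, shown as an added example that is not part of the quiz. The invalid-UTF-8 record is constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed input: "\xB1\x31" is not valid UTF-8, so json_encode cannot encode it.
$record = ['user' => "\xB1\x31", 'role' => 'admin'];

// Legacy behaviour (no flag): returns false, reason available via json_last_error_msg().
$json = json_encode($record);
if ($json === false) {
    error_log('json_encode failed: ' . json_last_error_msg()); // Malformed UTF-8 characters ...
}

// PHP 7.3+: opt in to exceptions so a failure can never be confused with a valid result.
try {
    $json = json_encode($record, JSON_THROW_ON_ERROR);
} catch (JsonException $e) {
    // getCode() is the JSON_ERROR_* constant; here JSON_ERROR_UTF8.
    error_log(sprintf('json_encode failed (%d): %s', $e->getCode(), $e->getMessage()));
}

// Decoding untrusted input: the same flag turns a silent null into an exception,
// and an explicit depth limit bounds how deeply nested a hostile payload may be.
function decode_request_body(string $body): array
{
    $data = json_decode($body, true, 32, JSON_THROW_ON_ERROR);
    // The literal "null" decodes without error, so still check the shape.
    if (!is_array($data)) {
        throw new JsonException('Expected a JSON object or array at the top level');
    }
    return $data;
}

var_dump(decode_request_body('{"sku":"widget","qty":2}')); // array(2) { ... }
try {
    decode_request_body('{"sku": "widget", "qty": }');     // syntax error
} catch (JsonException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;          // rejected: Syntax error
}
```

If the input may legitimately contain bytes that are not UTF-8 (binary blobs, legacy encodings), base64-encode those fields first rather than using JSON_INVALID_UTF8_SUBSTITUTE, which silently alters the data.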

The path for which the cookie is valid can be set using the ________ parameter in the setcookie() function.

  • cookie.max_age
  • cookie.secure
  • cookie.expires
  • cookie.path
The path parameter of setcookie() (the fourth positional argument, or the 'path' key in the options array accepted since PHP 7.3) defines the URL path prefix for which the browser sends the cookie, for example '/admin'. Note that the actual parameter name is simply path; the 'cookie.' prefix in the answer is the quiz's labelling. Path scoping is a convenience, not a security boundary: a page on another path of the same origin can still read the cookie through a frame or script, so cookies must not rely on path to isolate them from less trusted parts of the same site.

Which of the following headers can help in mitigating CSRF attacks?

  • Content-Type
  • X-Content-Security-Policy
  • Referer-Policy
  • X-Requested-With
Of these options, X-Requested-With is the header that actually helps: requiring a custom header on state-changing requests is a valid CSRF defence, because an HTML form submitted from another site cannot add custom headers, and a cross-origin fetch or XMLHttpRequest that adds one triggers a CORS preflight the target server can refuse. The correctly spelled Referrer-Policy header does not control which origins may make requests to a resource; it tells the browser how much of the Referer to include on requests leaving the page, and so is not a defence for the site that sets it. Server-side Origin/Referer checks, synchronizer tokens, and SameSite cookies remain the primary mitigations.
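A server-side CSRF check that combines a synchronizer token with an Origin/Referer comparison, as an added example that is not part of the quiz. It assumes session_start() has already run and that the expected origin is passed in by the caller.

```php
<?php
declare(strict_types=1);

const CSRF_TOKEN_KEY = 'csrf_token';

// One unguessable token per session, generated from a CSPRNG.
function csrf_token(): string
{
    if (empty($_SESSION[CSRF_TOKEN_KEY])) {
        $_SESSION[CSRF_TOKEN_KEY] = bin2hex(random_bytes(32)); // 256 bits
    }
    return $_SESSION[CSRF_TOKEN_KEY];
}

// Hidden field to embed in every state-changing form.
function csrf_hidden_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Reduce a Referer URL to its origin (scheme://host[:port]) for comparison.
function origin_from_url(string $url): ?string
{
    $p = parse_url($url);
    if (!isset($p['scheme'], $p['host'])) {
        return null;
    }
    return $p['scheme'] . '://' . $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '');
}

// True when a POST may proceed. $post and $server are passed in so the check is testable.
function csrf_request_is_valid(array $post, array $server, string $expectedOrigin): bool
{
    // 1. Origin check: browsers attach Origin to cross-site POSTs and pages cannot forge it.
    //    Fall back to Referer; reject when neither is present (a deliberate, strict policy).
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin === null && isset($server['HTTP_REFERER'])) {
        $origin = origin_from_url($server['HTTP_REFERER']);
    }
    if ($origin === null || !hash_equals($expectedOrigin, $origin)) {
        return false;
    }
    // 2. Synchronizer token: must equal the session's token, compared in constant time.
    $submitted = $post['csrf_token'] ?? '';
    $expected  = $_SESSION[CSRF_TOKEN_KEY] ?? '';
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

// Usage on a state-changing endpoint (assumed origin https://shop.example):
// if ($_SERVER['REQUEST_METHOD'] === 'POST'
//     && !csrf_request_is_valid($_POST, $_SERVER, 'https://shop.example')) {
//     http_response_code(403);
//     exit('CSRF check failed');
// }
```

Rejecting requests with neither Origin nor Referer will block some privacy-configured clients; if that is unacceptable, fall through to the token check alone in that case, but never skip the token.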

Imagine you are building an e-commerce application. When a user places an order, multiple operations like updating stock, logging order details, and processing payments are involved. Why would using transactions be beneficial in this scenario?

  • To ensure data consistency
  • To reduce database size
  • To speed up data retrieval
  • To simplify application code
Using transactions ensures that all the operations are treated as a single unit. If any part of the transaction fails, the entire transaction is rolled back, maintaining data consistency.

The method of ensuring that data conforms to specific rules or definitions is called ________.

  • Validation
  • Sanitization
  • Normalization
  • Serialization
The process of ensuring data conforms to specific rules or definitions is called validation, which is essential for data integrity and security.

One method to add an extra layer of security during user authentication is called two-factor ________.

  • Authentication
  • Authorization Code
  • Verification
To enhance security during user authentication, implementing two-factor authentication (2FA) is a recommended practice. It requires two independent factors to verify a user's identity, typically something the user knows (a password) plus something they have (a TOTP app or hardware token), so a stolen password alone is not enough to log in.

You're debugging a PHP script and notice that a block of code inside an 'if' condition is always executing, even when the condition is false. Which of the following operators might be the cause of this behavior?

  • == (Equality)
  • = (Assignment)
  • === (Identity)
  • != (Inequality)
The '=' operator is used for assignment, not comparison. Writing if ($role = 'admin') assigns 'admin' to $role and the expression evaluates to the assigned value, which is truthy, so the block always runs (it would only be skipped if the assigned value were falsy, such as 0, '' or null). In an authorization check this grants access to everyone. Use == or, preferably, === for the comparison; static analysis tools and "Yoda conditions" (if ('admin' === $role), which fails to parse if = is used by mistake) catch this class of typo.

A transaction in a database ensures that a series of operations are ________.

  • Atomic
  • Synchronized
  • Rollbacked
  • Optimized
A transaction in a database ensures that a series of operations are atomic, meaning they are treated as a single unit of work, and are either all completed or all rolled back in case of an error.
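The order-placement scenario from the earlier e-commerce question, carried through as an atomic PDO transaction. This is an added example, not code from the quiz; it uses an in-memory SQLite database with constructed rows so it runs offline, and the table layout and the charge_card() payment stub are assumptions.

```php
<?php
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
// Errors become exceptions, so a failed statement cannot be silently ignored.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE stock (sku TEXT PRIMARY KEY, qty INTEGER NOT NULL CHECK (qty >= 0))');
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, sku TEXT NOT NULL, qty INTEGER NOT NULL, status TEXT NOT NULL)');
$pdo->exec("INSERT INTO stock VALUES ('widget', 3)"); // constructed starting stock

// Hypothetical payment call: declines orders of 2 or more items for the demonstration.
function charge_card(string $sku, int $qty): void
{
    if ($qty >= 2) {
        throw new RuntimeException('payment declined');
    }
}

// Stock update, order record and payment succeed or fail together.
function place_order(PDO $pdo, string $sku, int $qty): int
{
    $pdo->beginTransaction();
    try {
        // Decrement only when enough stock exists; the WHERE clause prevents overselling
        // under concurrency without a separate read-then-write race.
        $stmt = $pdo->prepare('UPDATE stock SET qty = qty - :dec WHERE sku = :sku AND qty >= :min');
        $stmt->execute([':dec' => $qty, ':sku' => $sku, ':min' => $qty]);
        if ($stmt->rowCount() !== 1) {
            throw new RuntimeException('insufficient stock');
        }

        $stmt = $pdo->prepare('INSERT INTO orders (sku, qty, status) VALUES (:sku, :qty, :status)');
        $stmt->execute([':sku' => $sku, ':qty' => $qty, ':status' => 'paid']);
        $orderId = (int) $pdo->lastInsertId();

        charge_card($sku, $qty); // if this throws, the stock and order rows are rolled back together

        $pdo->commit();
        return $orderId;
    } catch (Throwable $e) {
        $pdo->rollBack(); // all-or-nothing: no phantom order, no decremented stock
        throw $e;
    }
}

$id = place_order($pdo, 'widget', 1);      // succeeds: stock 3 -> 2, order row written
echo "order {$id} placed", PHP_EOL;

try {
    place_order($pdo, 'widget', 2);        // stock would go to 0, then payment declines
} catch (RuntimeException $e) {
    echo 'failed: ', $e->getMessage(), PHP_EOL;   // failed: payment declined
}

echo 'stock: ', $pdo->query("SELECT qty FROM stock WHERE sku = 'widget'")->fetchColumn(), PHP_EOL;   // stock: 2
echo 'orders: ', $pdo->query('SELECT COUNT(*) FROM orders')->fetchColumn(), PHP_EOL;               // orders: 1
```

Keep the transaction short and hold it only around the database work plus the payment call whose outcome must be consistent with it; long-running transactions hold row locks and become a denial-of-service vector under load.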