Which of the following headers can help in mitigating CSRF attacks?
- Content-Type
- X-Content-Security-Policy
- Referrer-Policy
- X-Requested-With
The Referrer-Policy header can help mitigate Cross-Site Request Forgery (CSRF) attacks by controlling which origins are allowed to make requests to the resource.
The path for which the cookie is valid can be set using the ________ parameter in the setcookie() function.
- cookie.max_age
- cookie.secure
- cookie.expires
- cookie.path
The 'cookie.path' parameter in the setcookie() function defines the path for which the cookie is valid, allowing for precise control over cookie scope.
In PHP, which exception is thrown if there's an error during JSON encoding?
- JsonException
- ParseException
- EncodingException
- JsonEncodeError
In PHP, if there's an error during JSON encoding, a JsonException is thrown. This exception provides information about the JSON encoding error, such as invalid data or an encoding issue. It's important to catch this exception to handle JSON encoding errors gracefully.
Which PHP configuration directive determines where session files are stored on the server?
- session.save_path
- session.cookie_lifetime
- session.gc_probability
- session.use_strict_mode
The 'session.save_path' directive in PHP determines the directory where session files are stored on the server. Understanding this directive is important for session management.
How can you prevent session fixation attacks in PHP?
- Regenerate session ID after login
- Use HTTPS to encrypt session data
- Use secure cookies
- Implement strong password policies
To prevent session fixation attacks, it's crucial to regenerate the session ID after a successful login to ensure the attacker can't predict the ID in advance. This improves security.
Which of the following is NOT a recommended practice for secure session management?
- Storing sensitive data in sessions
- Using secure and HTTP-only cookies
- Implementing session timeout
- Generating random and unpredictable session IDs
Storing sensitive data in sessions is not a recommended practice for secure session management. Sensitive data should be stored securely on the server, and only a reference (such as a session ID) should be stored in the session. Storing sensitive data in sessions can expose it to potential session data leakage.
CSRF attacks primarily target which aspect of a web application?
- User Sessions
- Database Structure
- User Credentials
- Cross-Origin Resource Sharing (CORS)
CSRF (Cross-Site Request Forgery) attacks aim to exploit the user's active session, tricking them into performing unintended actions in an authenticated session.
You're debugging a PHP script and notice that a block of code inside an 'if' condition is always executing, even when the condition is false. Which of the following operators might be the cause of this behavior?
- == (Equality)
- = (Assignment)
- === (Identity)
- != (Inequality)
The '=' operator is used for assignment, not comparison. This results in the condition always evaluating as true, causing the code block to execute.
In PDO, named placeholders in prepared statements start with the symbol ________.
- :param
- $param
- ?param
- @param
In PDO, named placeholders in prepared statements start with a colon (:), so they are typically written as :param.
In PHP, the ________ function is used to get the length of a string.
- strlen()
- count()
- sizeof()
- strlength()
In PHP, the strlen() function is used to determine the length (number of characters) of a string. It's particularly useful for validating input or working with text data.