PHP Programming Basics Practice Test: Website Security using PHP — Flashcards | PHP & Programming | FatSkills

PHP Programming Basics Practice Test: Website Security using PHP — Flashcards

Fast review mode: answers are shown by default so you can skim quickly. Hide them if you want to self-test.

Here are some ways to secure a website using PHP:
Input validation:
Identify all input sources, such as URLs, cookies, forms, and headers, and validate and sanitize them.
Escape and encode output: Prevent cross-site scripting (XSS) attacks by escaping and encoding output before displaying it.
Whitelist validation: Only allow known-safe inputs.
Set length limits: Set reasonable length limits for input fields.
Monitor user input: Log and monitor user input for potential attack attempts.
Use secure password hashing: Use a cryptographic algorithm to transform passwords into a different form that is hard to reverse or guess.
Implement access control and user authentication: Use security-focused frameworks and libraries that protect against code injection attacks.
Protect against cross-site request forgery (CSRF): Use techniques like SameSite cookies and anti-CSRF libraries.
Use SSL certificates: Use SSL certificates in your applications to get end-to-end secured data transmission over the internet.
Update PHP regularly: Use versionscan to check for possible vulnerabilities of your PHP version.
Update open source libraries and applications: Keep your web server well maintained.
Use quotes in your data: If allowed in your database, then use quotes in all values in SQL statements.
Use escape characters: Use functions such as mysql_escape_string() to avoid genuine data interfering with SQL statement formats. 

1 of 10 Ready
Which one of the following statements should be used to disable just the fopen(), and file() functions?
disable_functions = fopen, file
Shortcuts
Prev Space Show / hide Next
Turn this into a study set.
Sign in with Google to save tricky questions to your reminder list and resume on any device.
Sign in with Google Free • no extra password