PHP Security


1. Which of the following is a method to prevent file inclusion vulnerabilities in PHP?

Using SSL encryption

Disabling file inclusion functions

Storing files outside the web root directory

Storing files in plaintext


2. Which of the following is a method to prevent Session Hijacking attacks in PHP?

Using SSL encryption

Using a strong session ID generator

Storing session data in cookies

Disabling cookies in the browser


3. Which of the following is a method to prevent code injection attacks in PHP?

Allowing file uploads

Disabling input validation

Using prepared statements and parameterized queries

Storing passwords in plaintext


4. Which of the following is a method to prevent session hijacking attacks in PHP?

Storing session IDs in plaintext

Using a fixed session ID

Using SSL encryption

Disabling session IDs


5. What is the purpose of the session_regenerate_id() function in PHP?

To regenerate the session ID

To destroy the session

To validate user input

To convert special characters to HTML entities


6. What is the purpose of the htmlspecialchars() function in PHP?

To encrypt passwords

To validate email addresses

To convert special characters to HTML entities

To generate random numbers


7. What is the purpose of the password_verify() function in PHP?

To encrypt data before storing it in a database

To hash passwords before storing them in a database

To validate user input

To convert special characters to HTML entities


8. What is the purpose of the md5() function in PHP?

To generate random numbers

To validate email addresses

To encrypt passwords

To convert special characters to HTML entities


9. What is a SQL injection vulnerability?

A vulnerability that allows an attacker to execute arbitrary code on a system

A vulnerability that allows an attacker to include a file from a remote server

A vulnerability that allows an attacker to bypass authentication

A vulnerability that allows an attacker to manipulate database queries


10. What is SQL Injection?

A type of Cross-Site Scripting attack

A vulnerability that allows an attacker to execute SQL statements against a database

A method to bypass CAPTCHA

A type of Denial-of-Service attack