Investigate the functions available in PHP or another suitable Web scripting

Chapter 11 / Software Security, 11.7 Key Terms, Review Questions, and Problems

11.5 Investigate the functions available in PHP, or another suitable Web scripting language, to sanitize any data subsequently used in an SQL query.

No short answer is available, as it depends on the scripting language chosen.

11.6 Investigate the functions available in PHP, or another suitable Web scripting language, to interpret the common HTML and URL encodings used on form data so that the values are canonicalized to a standard form before checking or further use.

No short answer is available, as it depends on the scripting language chosen.

11.7 One approach to improving program safety is to use a fuzzing tool. These test programs using a large set of automatically generated inputs, as we discuss in Section 11.2. Identify some suitable fuzzing tools for a system that you know. Determine the cost, availability, and ease of use of these tools. Indicate the types of development projects they would be suitable to use in.

No short answer is available, as it requires research to determine the current state of this field. Information on some fuzzing tools is available from the Fuzz Testing of Application Reliability () site.

11.8 Another approach to improving program safety is to use a static analysis tool, which scans the program source looking for known program deficiencies. Identify some suitable static analysis tools for a language that you know. Determine the cost, availability, and ease of use of these tools. Indicate the types of development projects they would be suitable to use in.

[Figure panel (b): Web comment form]

No short answer is available, as it requires research to determine the current state of this field.

11.9 Examine the current values of all environment variables on a system you use. If possible, determine the use for some of these values. Determine how to change the values both temporarily for a single process and its children, and permanently for all subsequent logins on the system.

No detailed answer is available, as it depends on the system and shell used. The value of all environment variables can be displayed using the “env” command. A variable can be changed temporarily by changing the value of the corresponding shell variable, and then exporting it (details vary depending on the shell used). To change a value permanently for all subsequent logins on the system, the relevant shell startup file, either system-wide or for a specific user, must be changed. Again, the name and location of these files vary depending on the shell and system used.

11.10 Experiment, on a Linux/UNIX system, with a version of the vulnerable shell script shown in Figures 11.6a and 11.6b, but using a small data file of your own. Explore changing first the PATH environment variable, then the IFS variable as well, and making this script execute another program of your choice.

No short answer is available, as this question requires experimentation with the supplied scripts.
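For problems 11.5 and 11.6 above, an added example (not part of the solutions manual) using Python as "another suitable Web scripting language": it canonicalizes URL- and HTML-encoded form values before validation, then passes the value to the query as a bound parameter instead of splicing it into the SQL text. The in-memory users table, the username rule and the submitted sample values are constructed for the demonstration.

```python
import html
import sqlite3
from urllib.parse import unquote_plus


def canonicalize(raw: str, max_rounds: int = 3) -> str:
    """Undo URL percent-encoding and HTML entity encoding until the value
    stops changing, so validation sees one canonical form. The bounded
    loop also unwraps double encodings such as %2561 -> %61 -> 'a'."""
    value = raw
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value.strip()


def is_valid_username(name: str) -> bool:
    # Constructed whitelist rule, applied to the canonical form, never the raw input.
    return 1 <= len(name) <= 32 and name.isalnum()


def build_demo_db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for the application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_user(conn: sqlite3.Connection, raw_name: str):
    """Look up a user by a form-submitted name: canonicalize, validate,
    then query with a bound parameter. Returns (id, name) or None."""
    name = canonicalize(raw_name)
    if not is_valid_username(name):
        return None
    # The placeholder keeps the value out of the SQL text, so a quote or
    # comment marker inside it is matched literally, not parsed as SQL.
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchone()


if __name__ == "__main__":
    db = build_demo_db()
    # An HTML-encoded quote (&#39;) only becomes visible to the check after decoding.
    for submitted in ("alice", "%61lice", "&#x61;lice", "%2561lice", "alice&#39;"):
        print(repr(submitted), "->", repr(canonicalize(submitted)), find_user(db, submitted))
```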