Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
161 Cards in this Set
- Front
- Back
|
What is a key concept to server-side scripting languages?
|
A web server will only ever return a web-page |
|
|
What do web servers respond to requests for? |
CGI scripts |
|
|
CGI engines have what passed to them? |
Requests for CGI scripts, with parameters |
|
|
What protocol do the Apache, IIS, MySQL, and MS-SQL servers have? |
TCP/IP |
|
|
What is the process for a web-client process? |
Client to server: HTTP request -> server to scripting engine parameters -> scripting to database SQL query and parameters -> database to scripting recordset -> scripting to server HTML output -> server to client HTTP response |
|
|
What tier is PHP? |
Middle tier, server-side scripting web technology |
|
|
What does PHP generate? |
HTML output, in response to requests from a browser |
|
|
How does PHP work? |
Code is saved on an Apache server The code is input, parsed, compiled, executed, and its output is shown on a web browser through HTML code |
|
|
How is a PHP script cached? |
It is pre-compiled, zend-compiled, then the op-codes are stored |
|
|
What functions can be used for debugging? |
print_r() var_dump() var_export() xdebug |
|
|
What does the PHP Formal Specification specify? |
How PHP should work, defines structure, syntax, grammar of the language |
|
|
What is a data structure? |
A way of storing and organising data in a computer so it can be used efficiently |
|
|
How is text outputted? |
Echo, print, print_r, var_dump |
|
|
How do the logical operators &&, AND, compare against ||? |
|| has a higher priority than AND, but less than && |
|
|
What are the four scalar data types? |
boolean integer float string |
|
|
What are the two compound data types? |
Array object |
|
|
What are the two special data types? |
Resource NULL |
|
|
What property does a variable in PHP have? |
Its name and the content it stores can be independent of each other |
|
|
How do arrays in PHP behave? |
They are ordered maps, maps being a type that associates values to keys |
|
|
How can multidimensional arrays and trees be initialised in PHP? |
Arrays values can be other arrays - an array within an array |
|
|
How do you create single line comments? |
// or CTRL + / |
|
|
How do you create multi-line comments |
/* */ or Shift + CTRL + / |
|
|
How do you create Doc Blocks |
/** */ |
|
|
What are strings known as? |
Literals, distinguishing them from variables |
|
|
Why are strings in single quotes processed faster than double quotes? |
PHP evaluates strings in double quotes, inserting values stored in embedded variables, if there are any |
|
|
What are string blocks? |
Constructs that handle blocks of text |
|
|
How are string blocks defined? |
'<<<' |
|
|
What are the two main types of string blocks? |
'HEREDOC' and 'NOWDOC' |
|
|
What is the difference between the two string blocks? |
HEREDOC can embed variables |
|
|
What are the requirements for a block close statement? |
Must start in column 0, Must have a ';' Must be a new line after the block close statement |
|
|
How do you typecast a variable in PHP? |
(type) $variable |
|
|
How do you define a web page header in PHP? |
$page_header = <<< HEADER |
|
|
How do you define a web page body in PHP? |
$page_body = <<< BODY |
|
|
How do you define a web page footer? |
$page_footer = <<< FOOTER |
|
|
What command is used to include files? |
include_once Issues a warning if the file is not available |
|
|
What command is used to require files? |
require_once Fatal error if the file is not available |
|
|
What is Agile Software Development? |
A group of software development methods, based on iterative and incremental development |
|
|
Name some benefits of Agile Software Development |
Promotes adaptive planning, evolutionary development, and delivery Encourages rapid, and flexible response to change, Conceptual framework |
|
|
List some of the Agile Principles |
Customer satisfaction by rapid delivery of useful software Welcome changing requirements, even late in development Working software is delivered frequently |
|
|
In what way is Agile incremental? |
Tasks are broken down into small increments |
|
|
In what way is Agile iterative? |
Teams work in all functions, planning, requirement analysis, design, coding, testing, etc. |
|
|
What is the philosophy of Agile development? |
Agile development mainly targeted at complex systems and projects with dynamic undetermined, non-linear characteristics |
|
|
What are adaptive methods? |
Methods that focus on adapting quickly to changing realities If the needs of the project change, the team changes too |
|
|
What is the downside of adaptive methods? |
An adaptive team struggles to describe what will happen in the future, to the point where they'd only describe the mission statement |
|
|
What are predictive methods? |
Methods that focus on analysing, planning for the future, catering for known risks |
|
|
What type of method are Agile methods? |
Adaptive |
|
|
What is the preference within the Agile manifesto - code or documentation? |
Code, working software more useful and welcome Documentation not unnecessary, lack of documentation is a major problem |
|
|
What is a function? |
A named section of a program that performs a specific task |
|
|
What are two main types of function? |
Pre-written - set of functions in a library User-defined - developer creates their own functions |
|
|
What are the benefits of functions? |
Allows developer to organise code to logical structure Allows developer to allocate specific behaviour to code Promotes the reuse of code |
|
|
What should a function achieve? |
The completion of a single outcome The function may or may not return a result |
|
|
How are functions called? |
Functions are invoked by their names e.g.: get_value() |
|
|
What can function parameters be? |
Data Variable Names |
|
|
What does a function prototype define? |
The number, and type of, parameters The data type of the returned value, if any |
|
|
How are user-defined functions defined? |
Defined in a function declaration |
|
|
What does PHP 7 add to functions? |
Return type declarations (return 'whatever') Scalar Type Hinting (function doSomething(int $count, string $widgets)) |
|
|
What are variable functions? |
Variables with parenthesis appended to them PHP looks for function with same name as evaluation of variable, attempts to execute |
|
|
What are anonymous functions? |
Functions with no name, usually pass small sections of logic into functions Can be assigned to variables |
|
|
What is the 'scope' of an identifier? |
The range of code statements where the identifier is valid Three levels, global, class, function |
|
|
How can parameters be passed? |
Through value or reference |
|
|
What is a recursion function? |
One that calls itself |
|
|
What happens when a PHP script is executed? |
The PHP engine starts, reading script from file |
|
|
What is used to set or return location of PHP hosting system? |
setlocale() |
|
|
What are the first three in the OWASP list? |
A1 - Injection A2 - Broken Authentication and Session Management A3 - Cross-Site Scripting |
|
|
What are the next three in the OWASP list? |
A4 - Insecure Direct Object References A5 - Security Misconfiguration A6 - Sensitive Data Exposure |
|
|
What are the final four in the OWASP list? |
A7 - Missing Function Level Access Control A8 - Cross-Site Request Forgery A9 - Using Known Vulnerability Components A10 - Unvalidated Redirects and Forwards |
|
|
What client-side attack vectors are there? |
Vulnerabilities in browsers via Javascript |
|
|
What server-side attack vectors are there? |
Web App Database |
|
|
How could web forms suffer from buffer overflow? |
Input boxes take in long strings, could crash server |
|
|
What is a Denial Of Service attack? |
Overloading a server with too many service requests in a short space of time The attack is successful because it takes a finite amount of time for a request to be processed |
|
|
What are SEO attacks? |
SEO poisoning attacks are primarily attacks on websites using XSS Attackers exploit input and display vulnerabilities on sites iframes then injected into sites, search will redirect to alternate site |
|
|
What do SEO attacks commonly use? |
iframes |
|
|
How do XSS attacks work? |
Script injection, usually Javascript, caused by lack of user input sanitisation Browser often executes malicious script Scripts access host file system |
|
|
What are the three types of XSS attacks? |
Stored Reflected DOM based XSS - rewrites HTML |
|
|
What are UK MoD Vas? |
Vulnerability Assessment Levels |
|
|
What are the Vulnerability Assessment Levels? |
Scanning Automated probes Penetration Test Physical Test |
|
|
What attributes does the form element consist of? |
method action accept accept-charset enctype |
|
|
Give examples of form elements |
select textarea fieldset label |
|
|
How would you have PHP process input forms? |
if($_POST['formSubmit']== "Submit") |
|
|
What do we think about User Input? |
EVIL. Consider types of attack that involve user input |
|
|
What function does PHP have to filter data? |
filter_var() |
|
|
What argument does filter_var() need to filter a given string? |
FILTER_SANITIZE_STRING |
|
|
What argument does filter_var() need to filter a given (amount of) integer(s)? |
FILTER_VALIDATE_INT |
|
|
What argument does filter_var() need to filter a given IP address? |
FILTER_VALIDATE_IP |
|
|
What arguments are needed for filter_var() to both clean, and validate URLs and Emails? |
FILTER_SANITIZE_EMAIL/URL FILTER_VALIDATE_EMAIL/URL |
|
|
What is an example of XSS? |
The web form has an input field, into which the user can type in something like a script The PHP app computes the input, and a JS string (for example), is reflected to the browser The browser accepts the JS from the trusted source, and the script is executed |
|
|
How can XSS be prevented? |
Never put untrusted data in: Scripts HTML comments Attributes names Tag names Directly in CSS |
|
|
What was the main reason for OO design? |
To better model the real world |
|
|
What is OO |
The use of class and allied diagrams to create a system of reusable, inter-communicating objects |
|
|
What is one of the main properties of OO? |
Polymorphism - objects are reusable, with different parameters Concepts of encapsulation and inheritance form from this |
|
|
What is encapsulation? |
An object knows about itself, in terms of its values and its behaviour |
|
|
What is inheritance? |
An object may inherit the values and behaviour of a parent object |
|
|
What is the S in the SOLID principles? |
S: single responsibility principle - an object has one purpose only |
|
|
What is the O in the SOLID principles? |
O: open/closed principle - software entities are open for extension, closed for modification |
|
|
What is the L in the SOLID principles? |
L: Liskov substitution principle - objects should be replaceable with instances of their subtypes, without altering the correctness of the program |
|
|
What is the I in the SOLID principles? |
I: interface segregation principles - many specific interfaces are better than one general purpose interface |
|
|
What is the D in the SOLID principles? |
D: dependency inversion principle - one should depend upon abstractions, not upon concretions |
|
|
How are objects created within PHP? |
new |
|
|
How are an object's attributes and accessor methods accessed? |
Using the keyword '$this', and the arrow operator '->' |
|
|
What are the three types of visibility for an object? |
public protected private |
|
|
What file format are classes saved as? |
.inc More secure to use .php for all files though, which ensures that the files will be parsed by the PHP parser |
|
|
What should be given to the name of a class? |
The 'class.' prefix class.Filename.php, for example |
|
|
How is a class file made available to a program? |
With either the 'include' or 'require' commands |
|
|
What is MySQL? |
Open source, multi-platform, client/server, ACID-compliant relational database |
|
|
What components does MySQL have with PHP? |
Information_schema, mysql and test |
|
|
What are PDOs? |
PHP Data Objects Lightweight interface Access to various databases |
|
|
What file format are PDOs in? |
.dll |
|
|
What is the advantage of using the .dll extension with PDOs? |
All databases accessed with same library functions SQL injection attacks avoided |
|
|
How would you return information from MySQL |
list_dbs |
|
|
How would you connect to a database with a PHP script? |
Within a try/catch block Variable assigned to a new PDO with host name, user name and password variables |
|
|
What is the database wrapper class? |
A class that incorporates some error handling Used for connecting to the relevant database |
|
|
How is user data transmitted to PHP? |
Via a form |
|
|
What are ORMs? |
Object-Relational Mappings |
|
|
What is the purpose of an ORM? |
To map between the different data types - scalar values and data within objects |
|
|
What is the idea behind a Software Design Pattern? |
A general, reusable solution to a commonly occurring problem within a given context in software design A template that can be used to solve problems, and can be used in many different situations |
|
|
What is the purpose of an OO Design Pattern? |
A pattern can show relationships and interactions between classes or objects |
|
|
What are web-application Design Patterns? |
Patterns used by PHP developers Container, Factory, Observer, etc. |
|
|
What things should you consider when designing your application? |
Partition aspects of it logically Use abstraction, implementing loose coupling between layers Understand how components will communicate with each other Reduce round trips |
|
|
What is the MVC pattern? |
Model, View, Controller |
|
|
What two ways can the model be considered as? |
Active - allows the model to inform the view and controller components of required changes Passive - objects are completely unaware of being part of a larger application |
|
|
What is the third variation of the model? |
The Presentation Model |
|
|
What is the single point of entry for a PHP application? |
bootstrap.php |
|
|
How do you instantiate objects with autoloading? |
_autoload() |
|
|
What is the router class? |
The class responsible for instantiating the correct Controller class |
|
|
What is the config class? |
The class that stores any configurable values that will be used throughout the application Could extend to storage of actual data in database |
|
|
What are the three As? |
Authentication - proving that you are who you claim to be Authorisation - system decides what you're allowed to access Accounting - keeping track of what you've done whilst using the system |
|
|
How is authentication achieved? |
Usually with a username and password Modern systems starting to use biometrics, fingerprints |
|
|
What is two-factor authorisation? |
Any authentication process that requires two separate means of identification |
|
|
What can hash functions be used for? |
Authentication, but simpler functions have been broken many times |
|
|
How does MD5 work? |
A hash function takes an input string and transforms it into a fixed size string One way function |
|
|
What is MD5 used for? |
Used to check the integrity of a file Can be used to detect tampering of web application scripts |
|
|
What is SHA-1? |
Hashing function that produces a message digest of 160 bits Has been cracked, SHA-2 developed |
|
|
What is salt? |
Passwords are encrypted with this Salt is an extra piece of information, appended to the password, the string is then encrypted |
|
|
What is the DES algorithm? |
An algorithm based on transpositions, rearrangement of bits An encryption algorithm |
|
|
What is Mcrypt? |
Encryption that uses PHP generic functions |
|
|
What happens when a script terminates? |
All variables declared are nullified Allocated RAM returned to the heap Contents lost |
|
|
How can the contents of variables be stored for use in later scripts? |
Store values in a special session file Store values in alternative persistent storage |
|
|
What is SID? |
Session ID |
|
|
How are SIDs stored? |
Keys stored in session cookies on client machine Can be a problem if client has cookies disabled as a security measure |
|
|
How are sessions created? |
session_start() function |
|
|
What happens when the session_start() function is called? |
Other than a session starting, looks for SID from client machine If none exists, SID created and stored |
|
|
How are sessions removed? |
By PHP's garbage collector |
|
|
How are emails sent from within PHP scripts? |
mail() function Email format must conform to RFC2822 |
|
|
What is the purpose of the Sender Policy Framework? |
It attempts to authenticate an email to spam filters, prevents sender address forgery |
|
|
How does SPF work? |
Adds an SPF record to DNS domain of sender, contains policy of sender Receiving email server checks if SPF record exists, and if message compiles with DNS record policy |
|
|
What should be done before optimisation of PHP code? |
Take snapshot of current performance Allows improvements in performance to be measured |
|
|
What is memory caching also known as? |
Accelerators |
|
|
How does memory caching work? |
Cache compiled bytecode Avoids processing overhead of parsing and compiling source code |
|
|
What is varnish? |
A caching server, HTTP accelerator |
|
|
What two variants of PHP scaling are there? |
Horizontal scaling - adding more servers Vertical scaling - higher spec hardware |
|
|
What can be used to accelerate the processing of PHP scripts? |
Micro-optimisation |
|
|
What is Hoare's Law? |
Inside every large program is a small program struggling to get out,or Premature optimisation is the root of all evil |
|
|
How would you implement micro-optimisation to your PHP scripts? |
Use ' instead of " to delineate Strings Use the concatenation operator to insert variables into strings Consider the performance of echo vs. print |
|
|
What is the main bottleneck of any web-application, usually? |
Retrieving data from the database |
|
|
What can you do to help reduce the bottleneck from the database? |
SQL optimiser package Third party library |
|
|
Other than the server, what else causes web-page latency? |
Network latency, Browser processing time, if their hardware is better then this will be faster |
|
|
What is a sprite? |
An image file that contains every image to be used on relevant web-pages |
|
|
What is code minification? |
The process of removing all extraneous characters, white spaces for example |
|
|
What is the GD Library? |
It's used to create images composed of lines, arcs, text, other images, multiple colours |
|
|
How do both PHP and GD2 relate? |
PHP can use the library to create graphics 'on-the-fly' |
|
|
What is LibChart? |
A simple-to-use library that produces horizontal and vertical bar, pie, and line charts The output is rendered as a PNG image |
