What are the differences between directory path traversal and file inclusion vulnerabilities? Which are more serious? Explain.

Description

Question A3

Explain in detail the syntax of this code you inserted at line 86:

if (!in_array($page, $valid_pages, TRUE)){
    $page = "funny.php";
}

Question A4

How many elements are in the $valid_pages array? Explain how you found the answer.

Question A5

What are the differences between directory path traversal and file inclusion vulnerabilities? Which are more serious? Explain.

Challenge

Questions

Question C1

What is the difference between /etc/passwd and /etc/shadow? Are either of these configurations more secure than the other? Explain.

Question C2

Find an example of a real-world PHP file inclusion vulnerability at a site such as www.securityfocus.com. Describe the vulnerability and suggest ways to fix it.

Question C3

What are the three main error types in PHP and how do they differ? Why is it important for a developer to understand these?

Question C4

SQL injection is a serious problem. Find where it appears in the CWE/SANS Top 25 Most Dangerous Software Errors list and the OWASP Top 10 list. What are the implications of these rankings for developers? Are these types of vulnerabilities best addressed in the design phase or when coding (during implementation)? How could you test for these vulnerabilities if using PHP?

Question C5

A remote file inclusion vulnerability (RFI) exploits the dynamic file inclusion mechanism in a web application by giving an attacker the ability to insert/include remote files to the web server and execute them. Explain how this works and how developers can prevent them.
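The check quoted in Question A3 and the prevention asked for in Question C5 are the same defensive pattern: the request value is never used as a path, it is only compared against a fixed list of file names. The following is an added example illustrating that pattern; it is not code from the assignment. The list contents, the fallback page name, the `pages/` directory and the `resolve_page()` helper are assumptions made for the illustration.

```php
<?php
// Added example, not the assignment's own code. Names below are assumed.

// Allowlist of pages this script is permitted to include. Only these
// literal names can ever reach include(); nothing taken from the request
// is used as a path, so "../" sequences and "http://" URLs cannot appear.
$valid_pages = array("home.php", "about.php", "funny.php");

/**
 * Map the raw request value to a file we are willing to include.
 * Anything not on the allowlist (or not even a string) falls back to
 * the default page instead of being passed through.
 */
function resolve_page($requested, array $valid_pages, $default = "funny.php")
{
    // The third argument TRUE makes in_array() use === rather than ==,
    // so a value of a different type (an array from ?page[]=..., an
    // integer, null) cannot loosely match an allowlist entry.
    if (!is_string($requested) || !in_array($requested, $valid_pages, TRUE)) {
        return $default;
    }
    return $requested;
}

$requested = isset($_GET['page']) ? $_GET['page'] : "";
$page = resolve_page($requested, $valid_pages);

// $page is now guaranteed to be one of the allowlist strings. Anchoring it
// to a fixed directory (assumed layout) keeps the include local even if
// the allowlist is later edited carelessly.
include __DIR__ . "/pages/" . $page;
```

The strict flag is the detail worth understanding for A3: without it, `in_array()` falls back to PHP's loose comparison, and the comparison outcome then depends on the types involved rather than on the literal file name. Separately from the code, the `allow_url_include` php.ini directive controls whether `include` will open a URL at all; keeping it off is a second, independent layer for the remote case in C5, but it does not replace the allowlist, since local traversal needs no URL.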
