Pascal Bartl
Quiz by , created more than 1 year ago

TYPO3 CD 2020 (zweite Auflage) Quiz on 7.2 Developing Secure Code for TYPO3, created by Pascal Bartl on 09/04/2021.

0
0
0
Pascal Bartl
Created by Pascal Bartl over 3 years ago
Close

7.2 Developing Secure Code for TYPO3

7.2 Developing Secure Code for TYPO3

Question 1 of 6

1

Which of the following terms refer to security vulnerabilities in software? (3)

Select one or more of the following:

  • Scalar type declaration

  • Cross-site scripting (XSS)

  • Bounded context

  • Authentication bypass (or broken authentication)

  • False vacuum theory

  • Injection flaws

Explanation

Question 2 of 6

1

Is it possible to output form fields dynamically (e.g. with JavaScript) in an action? (1)

Select one or more of the following:

  • This is not possible for security reasons

  • This is possible, but requires the addition of an annotation @dontverifyrequesthash to the
    target action

  • This is possible, but requires the addition of an annotation @ignorevalidation to the target
    action

  • This is possible, but requires the addition of an annotation @dontvalidate to the target action

  • This is possible by activating the TypoScript option persistence.enableDynamicForms

Explanation

Question 3 of 6

1

Which of the following ViewHelpers check whether a frontend user is logged-in and is a member of the group
“news” (UID = 5)? (2)

Select one or more of the following:

  • <f:if condition="{TSFE.loginUser.group == 5}">.

  • <f:security.ifHasRole role="5">

  • <f:security.ifHasRole role="news">

  • <f:security.ifAuthenticated>

  • <f:security.loginUser group_id="5">

Explanation

Question 4 of 6

1

Which statements about security in Fluid are correct? (2)

Select one or more of the following:

  • Fluid applies htmlspecialchars() when HTML content of a variable is output

  • Fluid automatically removes all HTML tags if the content of a variable contains HTML code

  • To protect users against XSS attacks, an exception is triggered if a variable contains HTML
    code

  • The FormatRaw-ViewHelper (<f:format.raw>) can be used to output the content of variables unfiltered

  • All HTML code should be passed to the FormatHtml-ViewHelper (<f:format.html>) for
    security reasons

Explanation

Question 5 of 6

1

What is the purpose of the “FormProtectionFactory”? (1)

Select one or more of the following:

  • Protection against SQL injections

  • Protection against man-in-the-middle attacks

  • Protection against cross-site scripting (XSS) attacks

  • Protection against cookie theft

  • Protection against cross-site request forgery (CSRF)

Explanation

Question 6 of 6

1

Which methods sanitize variables for the QueryBuilder and make the value SQL injection safe for prepared statements? (3)

Select one or more of the following:

  • The method quoteIdentifier()

  • The method quoteIdentifiers()

  • The method sanitizeValue()

  • The method createNamedParameter()

  • The method secureQuery()

Explanation

Previous
Next