Copy and Edit

7.2 Developing Secure Code for TYPO3

Description

TYPO3 CD 2020 (zweite Auflage) Quiz on 7.2 Developing Secure Code for TYPO3, created by Pascal Bartl on 09/04/2021.
Pascal Bartl
Quiz by Pascal Bartl, updated more than 1 year ago
Pascal Bartl
Created by Pascal Bartl over 3 years ago
1
0
0

Resource summary

Question 1

Question
Which of the following terms refer to security vulnerabilities in software? (3)
Answer
  • Scalar type declaration
  • Cross-site scripting (XSS)
  • Bounded context
  • Authentication bypass (or broken authentication)
  • False vacuum theory
  • Injection flaws

Question 2

Question
Is it possible to output form fields dynamically (e.g. with JavaScript) in an action? (1)
Answer
  • This is not possible for security reasons
  • This is possible, but requires the addition of an annotation @dontverifyrequesthash to the target action
  • This is possible, but requires the addition of an annotation @ignorevalidation to the target action
  • This is possible, but requires the addition of an annotation @dontvalidate to the target action
  • This is possible by activating the TypoScript option persistence.enableDynamicForms

Question 3

Question
Which of the following ViewHelpers check whether a frontend user is logged-in and is a member of the group “news” (UID = 5)? (2)
Answer
  • <f:if condition="{TSFE.loginUser.group == 5}">.
  • <f:security.ifHasRole role="5">
  • <f:security.ifHasRole role="news">
  • <f:security.ifAuthenticated>
  • <f:security.loginUser group_id="5">

Question 4

Question
Which statements about security in Fluid are correct? (2)
Answer
  • Fluid applies htmlspecialchars() when HTML content of a variable is output
  • Fluid automatically removes all HTML tags if the content of a variable contains HTML code
  • To protect users against XSS attacks, an exception is triggered if a variable contains HTML code
  • The FormatRaw-ViewHelper (<f:format.raw>) can be used to output the content of variables unfiltered
  • All HTML code should be passed to the FormatHtml-ViewHelper (<f:format.html>) for security reasons

Question 5

Question
What is the purpose of the “FormProtectionFactory”? (1)
Answer
  • Protection against SQL injections
  • Protection against man-in-the-middle attacks
  • Protection against cross-site scripting (XSS) attacks
  • Protection against cookie theft
  • Protection against cross-site request forgery (CSRF)

Question 6

Question
Which methods sanitize variables for the QueryBuilder and make the value SQL injection safe for prepared statements? (3)
Answer
  • The method quoteIdentifier()
  • The method quoteIdentifiers()
  • The method sanitizeValue()
  • The method createNamedParameter()
  • The method secureQuery()
Show full summary Hide full summary

Want to create your own Quizzes for free with GoConqr? Learn more.

Similar

KEE3
harrym
21 Random IT questions
Eden Goddard
Important Spanish Verbs
madiywarner
Chemistry Equations / Maths
Georgia B
CHEMISTRY C1 2
x_clairey_x
Plant and animal cells
charlotteireland
GCSE PHYSICS: Energy Transfer
magykman1998
Command or Process Words for Essay Writing
Bekki
Coastal Landscapes
Chima Power
All AS Maths Equations/Calculations and Questions
natashaaaa
FV modules 1-4 infinitives- ENTER SPANISH
Pamela Dentler
Browse Library