Tips: "on controls to mitigate attacks and software vulnerabilities" If You Come Across... Verify For...

1. Cross-Site Scripting (XSS)

  • If you come across: User input fields (like comments or search bars)
    • Verify for:
      • Reflected XSS: Injecting scripts in the input to see if they are executed in the user's browser.
      • Persistent XSS: Checking if scripts are stored on the server and reflected back to users.
    • Prevention: Implement input validation, output encoding, and Content Security Policy (CSP).

2. Overflow Vulnerabilities

  • If you come across: User input or data handling that may exceed allocated memory
    • Verify for:
      • Buffer Overflow: Sending oversized inputs to trigger memory corruption.
      • Integer Overflow: Providing inputs that exceed maximum integer values.
      • Heap Overflow: Manipulating dynamic memory allocation to corrupt memory.
      • Stack Overflow: Causing the call stack to exceed its limit.
    • Prevention: Use safe coding practices, input validation, and memory management techniques.

3. Data Poisoning

  • If you come across: User-modifiable data inputs
    • Verify for: Manipulating data to affect the application's behavior or outcomes.
    • Prevention: Validate inputs and implement strong data integrity checks.

4. Broken Access Control

  • If you come across: User permissions or roles within the application
    • Verify for: Accessing restricted resources or functions without proper authorization.
    • Prevention: Enforce strict role-based access control (RBAC) and regularly audit access permissions.

5. Cryptographic Failures

  • If you come across: Data stored or transmitted securely (e.g., passwords, personal data)
    • Verify for: Weak encryption algorithms or improper key management.
    • Prevention: Use strong encryption protocols and ensure proper key storage and lifecycle management.

6. Injection Flaws

  • If you come across: Input fields that interact with databases or APIs
    • Verify for:
      • SQL Injection: Manipulating SQL queries through input fields.
      • Command Injection: Executing arbitrary commands on the server.
    • Prevention: Use parameterized queries, prepared statements, and input validation.

7. Cross-Site Request Forgery (CSRF)

  • If you come across: Forms that perform state-changing actions
    • Verify for: Unauthenticated requests being accepted by the application.
    • Prevention: Implement anti-CSRF tokens and validate the origin of requests.

8. Directory Traversal

  • If you come across: File upload or retrieval functions
    • Verify for: Accessing restricted directories using path traversal techniques.
    • Prevention: Validate and sanitize file paths and restrict access to sensitive directories.

9. Insecure Design

  • If you come across: Flaws in the application's architecture
    • Verify for: Design weaknesses that expose the application to various attacks.
    • Prevention: Follow secure design principles and perform threat modeling.

10. Security Misconfiguration

  • If you come across: Default settings in applications or services
    • Verify for: Misconfigured security settings or unused features being enabled.
    • Prevention: Regularly review and harden security configurations, and conduct security audits.

11. End-of-Life or Outdated Components

  • If you come across: Use of libraries or software that are no longer supported
    • Verify for: Known vulnerabilities associated with outdated components.
    • Prevention: Regularly update and patch software components and replace end-of-life software.

12. Identification and Authentication Failures

  • If you come across: Login or authentication mechanisms
    • Verify for: Weak password policies, account enumeration, or failure to implement multi-factor authentication.
    • Prevention: Enforce strong password policies and implement multi-factor authentication.

13. Server-Side Request Forgery (SSRF)

  • If you come across: Applications making backend requests based on user input
    • Verify for: Manipulating requests to access internal services.
    • Prevention: Validate and sanitize user inputs, and restrict server-side requests.

14. Remote Code Execution (RCE)

  • If you come across: User inputs that are executed by the server
    • Verify for: Ability to execute arbitrary code on the server.
    • Prevention: Validate all inputs and use language features to limit code execution.

15. Privilege Escalation

  • If you come across: Role or permissions settings
    • Verify for: Users gaining unauthorized access to higher privilege levels.
    • Prevention: Implement the principle of least privilege and regularly review user roles.

16. Local File Inclusion (LFI) / Remote File Inclusion (RFI)

  • If you come across: File inclusion functionalities
    • Verify for: Ability to include local or remote files that could compromise the application.
    • Prevention: Validate and sanitize file paths and restrict the inclusion of sensitive files.

SHARE WITH US YOUR TIPS
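A defensive check for tips 8 and 16 above (directory traversal and LFI/RFI), written here as an added example rather than code from the original post: it canonicalises a user-supplied file name and accepts it only if it resolves inside a permitted base directory. BASE_DIR and the sample inputs are constructed for the example.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed base directory for this example; a real application would use
# its configured upload/document root instead.
BASE_DIR = "/srv/app/uploads"


def resolve_under_base(user_path: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Return the canonical absolute path for user_path if it lies inside
    base_dir, otherwise None.  Confining the result to an allow-listed
    directory is more robust than stripping '../' from the input."""
    if not user_path:
        return None
    # Decode one percent-encoding layer, then refuse input that still changes
    # on a second decode (double-encoded traversal such as "%252e%252e").
    decoded = unquote(user_path)
    if unquote(decoded) != decoded:
        return None
    # Embedded NUL bytes can truncate the path in lower-level C APIs.
    if "\x00" in decoded:
        return None
    # Only plain relative names are accepted: no absolute paths, no Windows
    # drive letters or UNC prefixes (the ':' rule is deliberately strict).
    if decoded.startswith(("/", "\\")) or ":" in decoded:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks, so a link planted
    # inside base_dir that points outside it is rejected as well.
    candidate = os.path.realpath(os.path.join(base, decoded))
    # Containment check. Comparing against base + os.sep prevents a sibling
    # such as "/srv/app/uploads2" from passing as a child of "/srv/app/uploads".
    if candidate != base and not candidate.startswith(base + os.sep):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: the first two are benign, the rest are
    # traversal attempts that the check must reject.
    for name in ("report.pdf", "2024/../summary.txt", "../etc/passwd",
                 "%2e%2e/%2e%2e/etc/passwd", "%252e%252e/etc/passwd",
                 "/etc/passwd", "report.pdf\x00.jpg"):
        print(repr(name), "->", resolve_under_base(name))
```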
Thanks for sharing. I love the consolidated cheat sheet. :)

passkey vs public-key

@Trevor Chandler

Key Differences

  • User Experience: Passkeys are designed for end-users and aim to simplify the login process by eliminating passwords and using biometrics. Public-key authentication is more technical and often used by IT professionals for securing system communications.
  • Implementation: Passkeys are integrated into modern devices and ecosystems, making them easy to use across multiple platforms. Public-key authentication requires manual setup and is typically used in specific applications like SSH.

Both methods enhance security by leveraging public-key cryptography, but passkeys focus on user convenience and phishing resistance, while public-key authentication is a versatile tool for securing various types of communications.

CompTIA Tech+ FC0-U71 TTT Session 2:

Which type of data model includes primary keys and foreign keys?
  • Logical Data Model (correct answer)
  • Schema Model
  • Conceptual Data Model
  • Physical Data Model

Explanation

The Logical Data Model includes primary keys and foreign keys. This model defines the structure of the data and the relationships between entities in the database, which is essential for establishing data integrity through the use of keys. It maps more closely to the actual implementation of the database than a conceptual model but remains independent of any specific database management system.

CompTIA Tech+ FC0-U71 TTT Session 2:

What is one advantage of local databases?
  • They offer 99.9% availability
  • They can be accessed faster (correct answer)
  • They are managed by cloud providers
  • They reduce the risk of cyber attacks

Explanation

One advantage of local databases is that they can be accessed faster. Since the database resides on the same machine or local network, data retrieval is generally quicker compared to remote or cloud-based databases, which may experience latency due to network traffic and distance. This makes local databases ideal for use cases where low-latency access is critical.

CompTIA Tech+ FC0-U71 TTT Session 2:

What is a relational database?
  • A database that stores data in a single table.
  • A database that only stores text data.
  • A database that keeps data in several connected tables. (correct answer)
  • A database that does not use tables at all.

Explanation

A relational database is a database that keeps data in several connected tables. These tables are related to each other through keys, like primary and foreign keys, which help maintain the relationships between different data entities.

CompTIA Tech+ FC0-U71 TTT Session 2:

What is a report in a database?
  • A row in a table
  • A column in a table
  • A summary of data (correct answer)
  • A type of query

Explanation

A report in a database is typically a summary of table data, often presented in a formatted and readable way. It is used to display or analyze data from one or more tables based on specific criteria, making it easier to interpret the results.

passkey vs public-key

Passkeys and public-key authentication both use asymmetric cryptography, but they serve different purposes and contexts:

Passkeys: A modern approach to passwordless authentication. They pair a device (like a phone) with a user account, using public-key cryptography to authenticate the user. For example, unlocking your Google account using your phone's biometric scanner instead of a password.

Public-key authentication: A traditional method primarily used for securing systems like SSH access. A user generates a public-private key pair and stores the public key on the server. The server verifies the user's identity based on the private key. For example, using SSH keys to log in to a remote server without needing a password.

CompTIA Tech+ FC0-U71 Course Material

What is an interpreted language?
  • A language that is only used for web development
  • A language that runs instructions in the source code whenever you run the application
  • A language that cannot be used on multiple platforms
  • A language that converts source code into binary ahead of time

Explanation
