This study guide is intended to help you prepare for the security exam questions. The following questions will not appear on the official exams, but have been designed to highlight key concepts that will covered and approximate the level of difficulty of the exam questions.
Please bear in mind that all Deep Dive Coding Assessment Exams are open book, open internet, open PHP parser, and open Google.
Security: Attacks & Defenses
Know all the following attacks and the defenses for each:
- Cross site request forgery (CSRF/XSRF)
- Cross site scripting (XSS):
- Persistent XSS
- Non Persistent XSS
- Be able to identify the difference between persistent and non persistent XSS
- SQL Injection
Exact code to launch or defend against the above attacks will NOT be required. A working conceptual knowledge will be required.
- Know the similarities and differences between a hash and encryption algorithm
- Identify the major hashing algorithms
- Know the consequences of accidental key exposure (public and private keys) and what to do in each case
- Know the differences between asymmetric and symmetric algorithms
- Identify major encryption algorithms and whether they are asymmetric or symmetric