Lec06 Framework and Web Security

Questions and Answers

PDF Questions PDF Answers

Which front-end framework has the smallest ecosystem according to the text?

React

Vue (correct)

Angular

jQuery

Which front-end framework is generally considered less trustworthy among audiences?

React

Angular

Vue (correct)

jQuery

Which front-end framework is backed by Google?

React

jQuery

Angular (correct)

Vue

Which front-end framework is backed by Facebook?

React

Which front-end framework has a very small size?

Vue

Which front-end framework is recommended if the project is complicated?

React

Which front-end framework is associated with bidirectional data binding?

Angular

Which front-end framework is known for its ease of learning compared to JSX and Typescript?

Vue

Which front-end framework is associated with the performance being described as good?

Vue

Which front-end framework is known for its richness of features?

Angular

What is one of the advantages of having a small Vue project size?

Improved SEO due to faster loading time

Why is Vue's ecosystem considered narrow compared to other frameworks?

It does not render well in older versions of operating systems and web browsers

What sets Angular, React, and Vue apart in terms of developer backing?

Angular and React are backed by Google and Facebook, while Vue is generally not trustworthy among audiences

In terms of data binding, what sets Vue apart from Angular and React?

Both unidirectional and bidirectional data binding

What factor should be considered when choosing a front-end framework if jQuery or native JavaScript can fulfill the project's needs?

The complexity of the project

Which front-end framework has the smallest size?

Vue

Which front-end framework is known for its steep learning curve?

Angular

Which front-end framework is preferred for its bidirectional data binding?

React

Which front-end framework is favored by Google?

Angular

Which front-end framework is most popular among developers for job opportunities?

React

Match the following front-end frameworks with their respective release years:

Angular = 2016 React = 2011 Vue = 2014 jQuery = N/A

Match the front-end frameworks with their associated companies or organizations:

Angular = Google React = Facebook Vue = N/A jQuery = N/A

Match the front-end frameworks with their respective performance descriptions:

Angular = Good React = Good Vue = Good jQuery = N/A

Match the front-end frameworks with their associated popular websites:

Angular = Paypal, Samsung, Upwork React = Netflix, Twitter, Amazon Vue = Alibaba, Grammarly, GitLab jQuery = N/A

Match the front-end frameworks with their ranking based on popularity among developers for job opportunities:

Angular = React > Angular > Vue React = React > Angular > Vue Vue = React > Angular > Vue jQuery = N/A

Vue has a wide ecosystem compared to other frameworks, rendering well in older versions of operating systems and web browsers.

False

If your project is simple, it is recommended to use a front-end framework like Vue.

False

Angular has a smaller size compared to Vue.

False

Vue is generally considered more trustworthy among audiences compared to Angular and React.

False

Native JavaScript can fulfill all the needs that a front-end framework can, according to the text.

False

Vue has a wide ecosystem compared to other frameworks, rendering well in older versions of operating systems and web browsers.

False

Angular and React are backed by Google and Facebook, which automatically build trust among the people, however, Vue is generally not trustworthy among the audiences.

True

If jQuery or even native JavaScript can solve your needs, then you may not need to use a frontend framework.

True

Vue is generally considered more trustworthy among audiences compared to Angular and React.

False

Native JavaScript can fulfill all the needs that a front-end framework can, according to the text.

False

What is a method used to protect data transmission between users and websites?

SSL encryption

What does GDPR require regarding the processing of personal data?

Processing data fairly, lawfully, and transparently

Which mechanism safeguards sensitive information from unauthorized access?

Data encryption

What is the output size of SHA-1?

160 bits

What is the primary purpose of salting in SHA-256?

Preventing rainbow table attacks

What is the primary benefit of using HTTPS for web communication?

Preventing unauthorized access to sensitive information

What is the role of Certificate Authorities (CAs) in secure communication?

Issuing digital certificates

What is the primary purpose of cryptographic hash functions like MD5, SHA-1, and SHA-256?

To transform data into fixed-size output for integrity verification and unique identification

Which of the following is a common vulnerability that can lead to unauthorized data disclosure, modification, or deletion?

Cross-Site Scripting (XSS) attacks

What is the purpose of two-factor authentication (2FA) in web security?

To provide a secure login system that enhances user privacy and account security

SSL is used to protect data transmission between users and websites

True

GDPR requires organizations to handle personal data according to six data processing principles

True

Two-factor authentication (2FA) is a key element of GDPR

False

SHA-1 produces a 128-bit hash value

False

SHA-256 is considered a weak cryptographic hash function

False

Salting in SHA-256 involves adding a unique random value to input data before hashing

True

SSL/TLS encryption is employed for secure web communication in HTTP

False

Anonymization and pseudonymization are effective in preventing all forms of identity theft and unauthorized access to personal information.

False

Regular security updates, patches, and secure coding practices are not effective in preventing common attack vectors like injection attacks.

False

Cryptographic hash functions like MD5, SHA-1, and SHA-256 are equally strong and resistant to vulnerabilities and collision attacks.

False

Match the cryptographic hash function with its output size and security level:

MD5 = 128 bits Weak SHA-1 = 128 bits Weak SHA-256 = 256 bits Strong

Match the security feature of HTTPS with its description:

Data encryption = Ensures confidentiality Authentication = Verifies the identity of the server Data integrity = Protects against tampering Confidentiality = Improves user trust

Match the function with its description in secure communication:

Digital certificates and PKI = Establishes trust in secure communication Certificate validation = Involves checking expiration and revocation status SSL/TLS encryption = Ensures confidentiality, integrity, and authentication of data Certificate Authorities (CAs) = Issue and verify certificates, acting as trusted third-party organizations

Match the recommended method for password hashing with its description:

Salting in SHA-256 = Prevents precomputed attacks like rainbow tables JavaScript password hashing = Can be used to implement the password hashing function Password hashing in web apps = Protects user passwords by converting them into irreversible, hashed representations Public key infrastructure (PKI) = Binds public keys to entities' identities, establishing trust in secure communication

Match the cryptographic hash function with its description:

SHA-1 = Commonly used, but considered weak and vulnerable to collision attacks SHA-256 = Provides a higher level of security compared to MD5 and SHA-1 MD5 = Weak, non-critical applications, checksums

Study Notes

Web Security and Common Threats & Vulnerabilities

• Anonymization and pseudonymization are web security measures that protect user identities and personal information.
• Two-factor authentication (2FA) is a secure login system that enhances user privacy and account security.
• Clear privacy policies and transparent data handling practices help build user trust in an organization.
• Regular security audits and vulnerability assessments demonstrate commitment to user privacy.
• Strong user authentication mechanisms like passwords and biometrics mitigate the risk of unauthorized access.
• Regular security updates, patches, and secure coding practices help prevent common attack vectors like injection attacks.
• Common threats and vulnerabilities include Cross-Site Scripting (XSS) attacks, SQL injection attacks, phishing and social engineering attacks, malware and viruses, brute-force attacks, and Denial of Service (DoS) attacks.
• Cross-Site Scripting (XSS) attacks exploit vulnerabilities in web applications to inject malicious scripts into web pages, leading to session hijacking, cookie theft, and unauthorized access to user data.
• SQL injection attacks exploit poorly sanitized user input to execute unauthorized SQL queries on a database, potentially leading to unauthorized data disclosure, modification, or deletion.
• Phishing and social engineering attacks rely on human interaction to trick users into revealing sensitive information or performing malicious actions and can be prevented through user education, awareness, spam filters, and multi-factor authentication.
• Denial of Service (DoS) attacks overwhelm a web server or network with a flood of requests, rendering it inaccessible to legitimate users and can be prevented through various measures including DDoS protection services, network traffic monitoring, and incident response plans.
• Cryptographic hash functions transform data into fixed-size output for integrity verification and unique identification, and are key tools in password storage, digital signatures, data integrity verification, and certificate fingerprinting. Common types of hashing functions include MD5, SHA-1, and SHA-256, with MD5 being considered weak due to vulnerabilities and collision attacks.

Web Security and Common Threats & Vulnerabilities

• Anonymization and pseudonymization are web security measures that protect user identities and personal information.
• Two-factor authentication (2FA) is a secure login system that enhances user privacy and account security.
• Clear privacy policies and transparent data handling practices help build user trust in an organization.
• Regular security audits and vulnerability assessments demonstrate commitment to user privacy.
• Strong user authentication mechanisms like passwords and biometrics mitigate the risk of unauthorized access.
• Regular security updates, patches, and secure coding practices help prevent common attack vectors like injection attacks.
• Common threats and vulnerabilities include Cross-Site Scripting (XSS) attacks, SQL injection attacks, phishing and social engineering attacks, malware and viruses, brute-force attacks, and Denial of Service (DoS) attacks.
• Cross-Site Scripting (XSS) attacks exploit vulnerabilities in web applications to inject malicious scripts into web pages, leading to session hijacking, cookie theft, and unauthorized access to user data.
• SQL injection attacks exploit poorly sanitized user input to execute unauthorized SQL queries on a database, potentially leading to unauthorized data disclosure, modification, or deletion.
• Phishing and social engineering attacks rely on human interaction to trick users into revealing sensitive information or performing malicious actions and can be prevented through user education, awareness, spam filters, and multi-factor authentication.
• Denial of Service (DoS) attacks overwhelm a web server or network with a flood of requests, rendering it inaccessible to legitimate users and can be prevented through various measures including DDoS protection services, network traffic monitoring, and incident response plans.
• Cryptographic hash functions transform data into fixed-size output for integrity verification and unique identification, and are key tools in password storage, digital signatures, data integrity verification, and certificate fingerprinting. Common types of hashing functions include MD5, SHA-1, and SHA-256, with MD5 being considered weak due to vulnerabilities and collision attacks.

Description

SHA-1 vs SHA-256 Quiz: Test your knowledge of cryptographic hash functions with this quiz comparing the characteristics and security implications of SHA-1 and SHA-256. Challenge yourself with questions about hash value lengths, vulnerability to attacks, and the use cases for each algorithm.