2014 - KIT502 Web Development

The document provides instructions for a secure web development exam consisting of 4 sections worth a total of 100 marks. It details the number of questions in each section, time allotted, and marks available. Students are instructed to write their answers in the supplied exam book

Uploaded by

Sandip

Student ID number:

____________________
Pages : 10
Questions : 25

UNIVERSITY OF TASMANIA

EXAMINATIONS FOR DEGREES AND DIPLOMAS

Semester 1, 2014

KIT502 Secure Web Development

Examiner
Nicole Herbert
Soyeon Caren Han
Saurabh Garg
Time allowed: THREE (3) hours

Reading Time: FIFTEEN (15) minutes

Instructions :
There is a total of 100 marks available.

Section A contains 10 questions, each question is worth 2 marks.


Answer ALL questions from this section. This section is worth 20 marks. You should
spend approximately 36 minutes on this section.

Section B contains 10 questions, each question is worth 3 marks.


Answer ALL questions from this section. This section is worth 30 marks. You should
spend approximately 54 minutes on this section.

Section C contains 3 questions, each question is worth 10 marks.


Answer ALL questions from this section. This section is worth 30 marks. You should
spend approximately 54 minutes on this section.

Section D contains 2 questions, each question is worth 10 marks.


Answer ALL questions from this section. This section is worth 20 marks. You should
spend approximately 36 minutes on this section.

All answers must be written in the supplied exam booklet, do NOT write your
answers on the exam paper.

SECTION A
Attempt ALL questions from Section A. Each question is worth TWO (2) marks. This section
is worth 20 marks.

Question 1
Write the full names of the following terms.
a HTML and CSS
b HTTP and FTP
[2 marks]

Question 2
Explain two disadvantages of client-side scripting.
[2 marks]

Question 3
Draw two simple flow diagrams for symmetric-key encryption and public-key
encryption.
[2 marks]

Question 4
What is the difference between projection and selection operation in SQL? Briefly
describe the difference with examples.
[2 marks]

Question 5
There are many types of variables in PHP. Explain the concept of ‘type juggling’,
which is applied in PHP variables.
[2 marks]

Question 6
Describe how AJAX works in relation to a client and a server. Explain with a diagram.
[2 marks]

Question 7
Briefly describe the GET and POST methods used by Web browsers to send the user-
entered data from an HTML form to the server.
[2 marks]

Question 8
Describe the difference between a Stored XSS attack and a Reflected XSS attack.
[2 marks]

Question 9
Superglobal variables are built-in variables containing information from the Web
server, environment and user inputs. Write at least four super global variables and
briefly explain them.
[2 marks]

Question 10
There are two advantages of using jQuery: resolving “cross-browser issues” and
“method chain-ability”. Describe “cross-browser issues” and “method chain-ability”.
[2 marks]


SECTION B
Attempt ALL questions from Section B. Each question is worth THREE (3) marks. This
section is worth 30 marks.

Question 11

[Figure: graphs titled "Average Speed of Cars (KM/H)", 2012 and 2014]

Are the above graphs misleading? Explain your answer.
[3 marks]

Question 12
Briefly describe the difference between the following two (2) ER models.

[Figure: two ER diagrams, each showing TREATMENT "is received by" PATIENT with the attribute Date-commenced]
[3 marks]

Question 13
The following table displays several PHP functions, which prevent code injection
attacks. Write a description for each function.

Functions             Description
trim()                (a)
strip_tags()          (b)
htmlspecialchars()    (c)

[3 marks]


Question 14
What is the output of the following fragment of PHP?

<?php
$arr=array(1=>"Monday","Tuesday","Wednesday");

$arr[3]="good";
$arr["hello"]=3;

echo $arr[3];
echo $arr['2'];
echo $arr['hello'];
?>
[3 marks]

Question 15
Consider the following PHP code.

<?php
class Math {
    public function __construct($x) {
        echo "What is the result?";
    }
}

class Primary extends Math {
    public function calculation() {
        $z=5;
        return $x+$z."<br/>";
    }
}

class High extends Math {
    public function calculation() {
        $z=5;
        $x=3;
        return $y."<br/>";
    }
}

$primary = new Primary('3');
echo $primary->calculation();
$high = new High('3');
echo $high->calculation();
?>

Write the output of the above code (what you see in the browser).
[3 marks]


Question 16
State how you would expect a browser to respond to each of the following fragments
of PHP code. Explain the outcome of each code.

a header("refresh:8000; ../test.php")
[2 marks]

b header("location: ../test.php")
[1 mark]

Question 17
Consider the following PHP code.

<?php
$str="Homer likes the Beer and Donut";
$str1="Doctor!";
echo strtoupper($str1)."<br/>";
echo strtolower($str1)."<br/>";
echo substr($str,5,5)."<br/>";
echo substr($str,-2)."<br/>";
echo str_replace("e","r",$str)."<br/>";
echo strlen($str1);
?>

What is the output of the above code? (what you would see in the browser)
[3 marks]

Question 18
The output of the following code displays a form. When the form is loaded, the
cursor automatically focuses on the username field. Write the jQuery code to replace
box (a) to complete the script.

<html>
<head>
    <script src="http://code.jquery.com/jquery-latest.js">
    </script>
</head>
<body>
    <script>
        (a)
    </script>
    <form>
        username: <input id="username" type="text"/><br/>
        <input type="submit" name="submit" value="Login"/>
    </form>
</body>
</html>
[3 marks]


Question 19
Consider the following HTML code.

<html>
<head>
    <title> Question19 </title>
</head>
<body>
    <table> <tr><td> Caren Han </td></tr> </table>
    <form> <input type="password" value="Name"> </form>
</body>
</html>

Draw a DOM tree of the above HTML code.


[3 marks]

Question 20
There are two tables below called `Simpson_Family` and `McFly_Family`. Write
three MySQL statements that would correctly complete the following three tasks.

table `Simpson_Family`
ID  Username  Firstname  Lastname  Email
1   homers    Homer      Simpson   [email protected]
2   barts     Bart       Simpson   [email protected]
3   maggies   Maggie     Simpson   [email protected]

table `McFly_Family`
ID  Username  Firstname  Lastname  Email
1   georgemc  George     McFly     [email protected]
2   maggiemc  Maggie     McFly     [email protected]
3   martymc   Marty      McFly     [email protected]

a Update Bart’s email to [email protected]
[1 mark]

b Display the total number of users in the `McFly_Family` table
[1 mark]

c Select all the different first names from the `Simpson_Family` and
`McFly_Family` tables
[1 mark]


SECTION C
Attempt ALL questions from Section C. Each question is worth TEN (10) marks. This section
is worth 30 marks.

Question 21
The following questions are about “State Management”.

a HTTP transactions are said to be stateless. What does stateless mean? And
what weakness is caused by them being stateless?
[2 marks]

b session_start() is a PHP function. Briefly explain what this does and
where you would expect to see calls to this function.
[2 marks]

c ‘This PHP function’ defines a web cookie to be sent along with the rest of the
HTTP headers. What is ‘this PHP function’?
[2 marks]

d The $_SESSION is a super-global variable. How do programmers store values
in this variable? Write code that would do the following:
• Store an element with the key ‘mode’ and the value ‘edit’
• Store an element with the key ‘username’ and the value ‘carenh’
[2 marks]

e Describe the difference between a session and a web cookie.
[2 marks]

Question 22
The following questions are about Security.

a HTTPS is the result of simply layering HTTP on top of (a) and (b). What are (a)
and (b)?
[2 marks]

b Describe what MD5 is and how to use it in PHP.
[2 marks]

c Explain how SSL works. Explain with a simple flow diagram.
[2 marks]

d Describe the two advantages of using a digital signature.
[2 marks]

e Draw a flow diagram for a digital signature.
[2 marks]


Question 23
Consider the implementation of the “city-viewer system”. The completed system
should perform as below. This program consists of two files, “Index.html” and
“get_cities.php”.

[When the page is loaded]

[Dropdown list - Country]

[When the country is selected]

a The code below is the source code for “Index.html”. Write code to
replace the numbered boxes. There is one mark for each box correctly
filled in.

<html>
<head>
    <script src="http://code.jquery.com/jquery-latest.js">
    </script>
    <script type="text/javascript">
        function setup_country_change(){
            $( (1) ).change( (2) );
        }
        function update_cities(){
            var country = $( (3) ).attr( (4) );
            $.post( (5)
            );
        }
        function show_cities(cities){
            $( (6) ).html( (7) );
        }
        $(document).ready( (8) );
    </script>
</head>
<body>
    <form id="select_country" name="select_country" method="" action="#">
        <table>
            <tr> <th>Country</th>
                <td><select name="country" id="country">
                    <option value="" selected="selected">Please select country.</option>
                    <option (9) >Australia</option>
                    <option (9) >United States</option>
                    <option (9) >United Kingdom</option>
                </select></td>
            </tr>
            <tr> <th>Cities</th>
                <td id="cities"> (10)
                </td>
            </tr>
        </table>
    </form>
</body>
</html>
[5 marks]

b The code below is the source code for “get_cities.php”. Write code to
replace the numbered boxes. There is one mark for each box that is
correctly filled in.

<?php
switch( (1) )
{
    (2) "au":
        $cities = array('Adelaide','Brisbane','Canberra');
        break;

    (2) "us":
        $cities = array('Chicago','Dallas','Houston');
        break;

    (2) "uk":
        $cities = array('Birmingham','Glasgow','Leeds');
        break;

    (3) :
        $cities = false;
        break;
}
if( (4) ) echo "Please select country";
else echo " (5) ";
?>

[5 marks]

SECTION D
Attempt ALL questions from Section D. Each question is worth TEN (10) marks.
This section is worth 20 marks.

Question 24
Draw an ER diagram for the following application from the manufacturing
industry:
1. Each supplier has a unique name.
2. More than one supplier can be located in the same city.
3. Each part has a unique part number.
4. Each part has a colour.
5. A supplier can supply more than one part.
6. A part can be supplied by more than one supplier.
7. A supplier can supply a fixed quantity of each part.
[10 marks]

Question 25
Convert the following ER Diagram into the Relational Model. Show all of the
steps in the algorithm.

[Figure: ER diagram "Finnegan’s Falderals Factory - Projects". Entities: PROJECT
(Project-id, Manager, Budget), ACTIVITY (Project-id, Activity-no, Supervisor,
Estimated-duration), EMPLOYEE (Payroll-no, Date-hired, Personal-details).
Relationships: contains, assigned to (Date-assigned-to), worked on (Hours-spent).]

ER To Relational Conversion Algorithm


Step 1: Each entity becomes a relation
Step 2: Each many-to-many relationship becomes a relation
Step 3: Each one-to-many relationship is represented by a foreign key
Step 4: Write out the final relational schema

[10 marks]
