Q18: How to mitigate the SQL Injection risks? ⭐⭐
To mitigate SQL injection:
Q41: Apart from mailing links of error pages, are there other methods of exploiting XSS? ⭐⭐⭐
Q22: How can I prevent XSS? ⭐⭐
XSS can be prevented by sanitizing user input to the application. Only allow, as input, those elements that are absolutely essential for that field.
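As an added illustration of the two halves of that answer (an allowlist on the way in, and encoding on the way out), here is a small Python example that is not part of the original document. The field name, the allowed character set and the sample inputs are assumptions made for the demo.

```python
import html
import re

# Assumption for this demo: a "display name" field only ever needs letters,
# digits, spaces and a few punctuation marks, at most 40 characters.
DISPLAY_NAME_RE = re.compile(r"^[A-Za-z0-9 .'-]{1,40}$")


def validate_display_name(value: str) -> bool:
    """Allowlist check: accept only what the field genuinely needs, reject the rest."""
    return DISPLAY_NAME_RE.fullmatch(value) is not None


def render_greeting(name: str) -> str:
    """Output encoding for the HTML text context, applied at the point of rendering.

    Even a value that passed validation is escaped here, so the page does not
    depend on every upstream caller having validated it.
    """
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def handle_display_name(value: str) -> str:
    """Validate first; only render values that passed the allowlist."""
    if not validate_display_name(value):
        raise ValueError("display name contains characters the field does not allow")
    return render_greeting(value)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(handle_display_name("Alice O'Brien"))
    print(render_greeting("<b>not bold</b>"))  # markup becomes inert text
    try:
        handle_display_name("<b>Alice</b>")
    except ValueError as exc:
        print("rejected:", exc)
```

The regex is a positive allowlist (what is permitted), not a denylist of known-bad strings; the encoding step is context-specific (HTML text here) and would differ for an attribute, a URL or a JavaScript string.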
Q39: What Is Failure to Restrict URL Access? ⭐⭐⭐
Q43: What is PKI? ⭐⭐⭐
Q46: How come that hash values are not reversible? ⭐⭐⭐⭐
Q27: What is Cross-Site Request Forgery? ⭐⭐⭐
Q54: What is Cross Site Tracing (XST)? How can it be prevented? ⭐⭐⭐⭐
Q35: Mention what threat can be avoided by having unique usernames produced with a high degree of entropy? ⭐⭐⭐
The purpose of this document is to help security folks prepare for common security interview questions and answers. A lot of materials only include questions and don't include answers, so I compiled the resources together. The code review section is especially useful for folks doing code review, not just those preparing for interviews.
Q1: What is the difference between Authentication vs Authorization? ⭐
Or in short:
Q44: Name the elements of PKI ⭐⭐⭐
Q2: What is SQL injection? ⭐
Injection attacks stem from a lack of strict separation between program instructions (i.e., code) and user-provided (or external) input. This allows an attacker to inject malicious code into a data snippet.
SQL injection is one of the most common types of injection attack. To carry it out, an attacker provides malicious SQL statements through the application.
How to prevent: