1. What is SQL Injection, and how can it be prevented?
Answer: SQL Injection is a code injection technique where an attacker manipulates an SQL query by injecting malicious SQL code. This can lead to unauthorized access, data leaks, or data manipulation.
Prevention techniques:
Use prepared statements (parameterized queries) instead of dynamic SQL.
Use ORM frameworks (e.g., Hibernate, Django ORM) which abstract SQL queries.
Validate and sanitize user input.
Apply the principle of least privilege for database accounts.
2. What are Cross-Site Scripting (XSS) attacks, and how can you mitigate them?
Answer: XSS is a type of security vulnerability that allows an attacker to inject malicious scripts into web pages viewed by other users. These scripts can steal cookies, session tokens, or perform actions on behalf of a user.
Prevention techniques:
Validate and sanitize all user inputs.
Encode outputs properly (e.g., HTML encoding).
Use Content Security Policy (CSP) headers.
Avoid inserting untrusted data directly into HTML, JavaScript, or URLs.
3. What is Cross-Site Request Forgery (CSRF), and how do you prevent it?
Answer: CSRF is an attack that tricks a user into executing unwanted actions on a web application in which they are authenticated. The attacker sends a malicious request on behalf of the user to perform actions they didn’t intend to.
Prevention techniques:
Use anti-CSRF tokens in forms and validate them on the server-side.
Ensure that state-changing operations (POST, PUT, DELETE) are not accessible via GET requests.
Use the SameSite attribute in cookies.
Require user re-authentication for sensitive actions.
4. What are the principles of secure coding?
Answer: The principles of secure coding include:
Input validation: Ensure all data inputs are validated, sanitized, and not trusted by default.
Least privilege: Ensure the minimal set of permissions required for a task is granted to users and processes.
Defense in depth: Implement multiple layers of security so that if one layer fails, others still protect the system.
Fail securely: Ensure that the system fails safely, without revealing sensitive information or increasing risk exposure.
Avoid security by obscurity: Rely on proven security practices rather than assuming that keeping implementation details secret will ensure security.
5. What is HTTPS, and why is it important?
Answer: HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP. It uses SSL/TLS encryption to secure communication between a client and a server, protecting against eavesdropping, man-in-the-middle (MITM) attacks, and data tampering.
Importance:
Ensures data confidentiality, integrity, and authenticity.
Encrypts sensitive data such as passwords and personal information during transmission.
Improves SEO rankings and user trust, as browsers mark non-HTTPS sites as "Not Secure."
6. Explain what OAuth is and how it works.
Answer: OAuth is an open standard for access delegation, commonly used as a way to grant websites or applications access to users' information on other platforms without exposing passwords.
How it works:
The user is redirected to an authorization server (e.g., Google, Facebook) to grant permission.
After the user approves the request, the authorization server provides an access token to the requesting application.
The application uses this access token to access the user’s data from the resource server, without needing the user’s credentials.
7. What are the differences between symmetric and asymmetric encryption?
Answer:
Symmetric encryption: Uses the same key for both encryption and decryption. It is faster but requires secure key exchange (e.g., AES).
Asymmetric encryption: Uses a pair of keys (public and private) where one key encrypts, and the other decrypts (e.g., RSA). It is slower but doesn’t require both parties to share a secret key.
8. How do you secure sensitive data stored in a database?
Answer:
Use encryption to protect sensitive data at rest (e.g., AES for encrypting database fields).
Ensure proper access control and least privilege for database accounts.
Use hashing (e.g., bcrypt or Argon2) for storing passwords.
Use database audit logs to track access and modifications to sensitive data.
Regularly patch and update database software to address security vulnerabilities.
9. What is the principle of least privilege and why is it important?
Answer: The principle of least privilege dictates that users and systems should only have the minimum level of access required to perform their functions. It limits potential damage in case of an account compromise.
Importance:
Reduces the attack surface.
Minimizes the impact of compromised credentials or exploited vulnerabilities.
Helps enforce compartmentalization and restricts lateral movement in case of an attack.
10. How do you handle secure file uploads in a web application?
Answer:
Validate file type: Restrict uploads to only allowed file types (e.g., using MIME type and file extension validation).
Limit file size: Set maximum size limits for uploaded files.
Scan for malware: Run uploaded files through virus and malware scanners.
Store files securely: Store uploaded files outside of the webroot to prevent direct access via URL.
Sanitize filenames: Avoid using user-supplied file names directly to prevent path traversal attacks. Generate safe, unique filenames.