Security & Best Practices
OWASP Top 10, SQL injection, XSS, CSRF, encryption, Data Protection API, rate limiting, User Secrets, Azure Key Vault
1What is SQL injection and how does this vulnerability affect web application security?
What is SQL injection and how does this vulnerability affect web application security?
回答
SQL injection is an attack where malicious SQL code is inserted into application inputs to manipulate database queries. It enables unauthorized access, modification, or deletion of data. In ASP.NET Core, using parameterized queries or Entity Framework protects against this critical OWASP Top 10 threat.
2What is Cross-Site Scripting (XSS) and what are its main types?
What is Cross-Site Scripting (XSS) and what are its main types?
回答
XSS is a vulnerability allowing attackers to inject malicious JavaScript code into web pages. The three main types are: stored XSS (persistent data), reflected XSS (transient data), and DOM-based XSS (client-side manipulation). In ASP.NET Core, encoding output and using Content Security Policy prevent these attacks.
3What is a CSRF (Cross-Site Request Forgery) attack and how to prevent it in ASP.NET Core?
What is a CSRF (Cross-Site Request Forgery) attack and how to prevent it in ASP.NET Core?
回答
CSRF is an attack where an authenticated user is tricked into performing unintended actions on a website. The attacker forces the browser to send authenticated requests to the target site. ASP.NET Core prevents CSRF with anti-forgery tokens (AntiForgeryToken), by validating origin and Referer headers, and using SameSite cookies.
What are the three main security controls in the OWASP Top 10?
What is the difference between authentication and authorization in .NET?
+21 面接問題