.NET

Security & Best Practices

OWASP Top 10, SQL injection, XSS, CSRF, encryption, Data Protection API, rate limiting, User Secrets, Azure Key Vault

24 gespreksvragen·
Senior
1

What is SQL injection and how does this vulnerability affect web application security?

Antwoord

SQL injection is an attack where malicious SQL code is inserted into application inputs to manipulate database queries. It enables unauthorized access, modification, or deletion of data. In ASP.NET Core, using parameterized queries or Entity Framework protects against this critical OWASP Top 10 threat.

2

What is Cross-Site Scripting (XSS) and what are its main types?

Antwoord

XSS is a vulnerability allowing attackers to inject malicious JavaScript code into web pages. The three main types are: stored XSS (persistent data), reflected XSS (transient data), and DOM-based XSS (client-side manipulation). In ASP.NET Core, encoding output and using Content Security Policy prevent these attacks.

3

What is a CSRF (Cross-Site Request Forgery) attack and how to prevent it in ASP.NET Core?

Antwoord

CSRF is an attack where an authenticated user is tricked into performing unintended actions on a website. The attacker forces the browser to send authenticated requests to the target site. ASP.NET Core prevents CSRF with anti-forgery tokens (AntiForgeryToken), by validating origin and Referer headers, and using SameSite cookies.

4

What are the three main security controls in the OWASP Top 10?

5

What is the difference between authentication and authorization in .NET?

+21 gespreksvragen

Andere .NET-sollicitatieonderwerpen

C# Basics

Junior
25 vragen

LINQ & Delegates

Junior
20 vragen

C# Language Essentials

Junior
15 vragen

ASP.NET Core Fundamentals

Junior
18 vragen

ASP.NET Core Request Lifecycle

Junior
20 vragen

Configuration & Settings

Junior
20 vragen

Application Lifecycle

Junior
20 vragen

Dependency Injection

Mid-Level
24 vragen

Entity Framework Core

Mid-Level
25 vragen

Minimal APIs

Mid-Level
18 vragen

Web API Development

Mid-Level
22 vragen

Async in ASP.NET Core

Mid-Level
20 vragen

Authentication & Authorization

Mid-Level
18 vragen

HttpClient & Networking

Mid-Level
20 vragen

JSON Serialization

Mid-Level
20 vragen

Entity Framework Core Advanced

Mid-Level
25 vragen

C# Advanced Features

Mid-Level
20 vragen

Clean Architecture

Mid-Level
20 vragen

Logging, Monitoring & Observability

Mid-Level
22 vragen

Unit Testing & xUnit

Mid-Level
20 vragen

Integration Testing

Mid-Level
18 vragen

Docker & Containerization

Mid-Level
16 vragen

NuGet Package Management

Mid-Level
16 vragen

Memory Management & GC

Senior
22 vragen

Reactive Programming

Senior
24 vragen

Async/await & Patterns

Senior
26 vragen

.NET Design Patterns

Senior
24 vragen

Performance Optimization

Senior
22 vragen

SignalR & Real-time

Senior
22 vragen

Microservices Architecture

Senior
25 vragen

Beheers .NET voor je volgende gesprek

Krijg toegang tot alle vragen, flashcards, technische tests, code review-oefeningen en gespreksimulatoren.

Begin gratis