.NET

Security & Best Practices

OWASP Top 10, SQL injection, XSS, CSRF, encryption, Data Protection API, rate limiting, User Secrets, Azure Key Vault

24 perguntas de entrevistaยท
Senior
1

What is SQL injection and how does this vulnerability affect web application security?

Resposta

SQL injection is an attack where malicious SQL code is inserted into application inputs to manipulate database queries. It enables unauthorized access, modification, or deletion of data. In ASP.NET Core, using parameterized queries or Entity Framework protects against this critical OWASP Top 10 threat.

2

What is Cross-Site Scripting (XSS) and what are its main types?

Resposta

XSS is a vulnerability allowing attackers to inject malicious JavaScript code into web pages. The three main types are: stored XSS (persistent data), reflected XSS (transient data), and DOM-based XSS (client-side manipulation). In ASP.NET Core, encoding output and using Content Security Policy prevent these attacks.

3

What is a CSRF (Cross-Site Request Forgery) attack and how to prevent it in ASP.NET Core?

Resposta

CSRF is an attack where an authenticated user is tricked into performing unintended actions on a website. The attacker forces the browser to send authenticated requests to the target site. ASP.NET Core prevents CSRF with anti-forgery tokens (AntiForgeryToken), by validating origin and Referer headers, and using SameSite cookies.

4

What are the three main security controls in the OWASP Top 10?

5

What is the difference between authentication and authorization in .NET?

+21 perguntas de entrevista

Outros temas de entrevista .NET

C# Basics

Junior
25 perguntas

LINQ & Delegates

Junior
20 perguntas

C# Language Essentials

Junior
15 perguntas

ASP.NET Core Fundamentals

Junior
18 perguntas

ASP.NET Core Request Lifecycle

Junior
20 perguntas

Configuration & Settings

Junior
20 perguntas

Application Lifecycle

Junior
20 perguntas

Dependency Injection

Mid-Level
24 perguntas

Entity Framework Core

Mid-Level
25 perguntas

Minimal APIs

Mid-Level
18 perguntas

Web API Development

Mid-Level
22 perguntas

Async in ASP.NET Core

Mid-Level
20 perguntas

Authentication & Authorization

Mid-Level
18 perguntas

HttpClient & Networking

Mid-Level
20 perguntas

JSON Serialization

Mid-Level
20 perguntas

Entity Framework Core Advanced

Mid-Level
25 perguntas

C# Advanced Features

Mid-Level
20 perguntas

Clean Architecture

Mid-Level
20 perguntas

Logging, Monitoring & Observability

Mid-Level
22 perguntas

Unit Testing & xUnit

Mid-Level
20 perguntas

Integration Testing

Mid-Level
18 perguntas

Docker & Containerization

Mid-Level
16 perguntas

NuGet Package Management

Mid-Level
16 perguntas

Memory Management & GC

Senior
22 perguntas

Reactive Programming

Senior
24 perguntas

Async/await & Patterns

Senior
26 perguntas

.NET Design Patterns

Senior
24 perguntas

Performance Optimization

Senior
22 perguntas

SignalR & Real-time

Senior
22 perguntas

Microservices Architecture

Senior
25 perguntas

Domine .NET para sua proxima entrevista

Acesse todas as perguntas, flashcards, testes tecnicos, exercicios de code review e simuladores de entrevista.

Comece gratis