Security & Best Practices
OWASP Top 10, SQL injection, XSS, CSRF, encryption, Data Protection API, rate limiting, User Secrets, Azure Key Vault
1What is SQL injection and how does this vulnerability affect web application security?
What is SQL injection and how does this vulnerability affect web application security?
คำตอบ
SQL injection is an attack where malicious SQL code is inserted into application inputs to manipulate database queries. It enables unauthorized access, modification, or deletion of data. In ASP.NET Core, using parameterized queries or Entity Framework protects against this critical OWASP Top 10 threat.
2What is Cross-Site Scripting (XSS) and what are its main types?
What is Cross-Site Scripting (XSS) and what are its main types?
คำตอบ
XSS is a vulnerability allowing attackers to inject malicious JavaScript code into web pages. The three main types are: stored XSS (persistent data), reflected XSS (transient data), and DOM-based XSS (client-side manipulation). In ASP.NET Core, encoding output and using Content Security Policy prevent these attacks.
3What is a CSRF (Cross-Site Request Forgery) attack and how to prevent it in ASP.NET Core?
What is a CSRF (Cross-Site Request Forgery) attack and how to prevent it in ASP.NET Core?
คำตอบ
CSRF is an attack where an authenticated user is tricked into performing unintended actions on a website. The attacker forces the browser to send authenticated requests to the target site. ASP.NET Core prevents CSRF with anti-forgery tokens (AntiForgeryToken), by validating origin and Referer headers, and using SameSite cookies.
What are the three main security controls in the OWASP Top 10?
What is the difference between authentication and authorization in .NET?
+21 คำถามสัมภาษณ์
หัวข้อสัมภาษณ์ .NET อื่นๆ
C# Basics
LINQ & Delegates
C# Language Essentials
ASP.NET Core Fundamentals
ASP.NET Core Request Lifecycle
Configuration & Settings
Application Lifecycle
Dependency Injection
Entity Framework Core
Minimal APIs
Web API Development
Async in ASP.NET Core
Authentication & Authorization
HttpClient & Networking
JSON Serialization
Entity Framework Core Advanced
C# Advanced Features
Clean Architecture
Logging, Monitoring & Observability
Unit Testing & xUnit
Integration Testing
Docker & Containerization
NuGet Package Management
Memory Management & GC
Reactive Programming
Async/await & Patterns
.NET Design Patterns
Performance Optimization
SignalR & Real-time
Microservices Architecture
เชี่ยวชาญ .NET สำหรับการสัมภาษณ์ครั้งถัดไป
เข้าถึงคำถามทั้งหมด flashcards แบบทดสอบเทคนิค แบบฝึกหัด code review และตัวจำลองสัมภาษณ์
เริ่มใช้ฟรี