.NET

Security & Best Practices

OWASP Top 10, SQL injection, XSS, CSRF, encryption, Data Protection API, rate limiting, User Secrets, Azure Key Vault

24 mülakat soruları·
Senior
1

What is SQL injection and how does this vulnerability affect web application security?

Cevap

SQL injection is an attack where malicious SQL code is inserted into application inputs to manipulate database queries. It enables unauthorized access, modification, or deletion of data. In ASP.NET Core, using parameterized queries or Entity Framework protects against this critical OWASP Top 10 threat.

2

What is Cross-Site Scripting (XSS) and what are its main types?

Cevap

XSS is a vulnerability allowing attackers to inject malicious JavaScript code into web pages. The three main types are: stored XSS (persistent data), reflected XSS (transient data), and DOM-based XSS (client-side manipulation). In ASP.NET Core, encoding output and using Content Security Policy prevent these attacks.

3

What is a CSRF (Cross-Site Request Forgery) attack and how to prevent it in ASP.NET Core?

Cevap

CSRF is an attack where an authenticated user is tricked into performing unintended actions on a website. The attacker forces the browser to send authenticated requests to the target site. ASP.NET Core prevents CSRF with anti-forgery tokens (AntiForgeryToken), by validating origin and Referer headers, and using SameSite cookies.

4

What are the three main security controls in the OWASP Top 10?

5

What is the difference between authentication and authorization in .NET?

+21 mülakat soruları

Diğer .NET mülakat konuları

C# Basics

Junior
25 soru

LINQ & Delegates

Junior
20 soru

C# Language Essentials

Junior
15 soru

ASP.NET Core Fundamentals

Junior
18 soru

ASP.NET Core Request Lifecycle

Junior
20 soru

Configuration & Settings

Junior
20 soru

Application Lifecycle

Junior
20 soru

Dependency Injection

Mid-Level
24 soru

Entity Framework Core

Mid-Level
25 soru

Minimal APIs

Mid-Level
18 soru

Web API Development

Mid-Level
22 soru

Async in ASP.NET Core

Mid-Level
20 soru

Authentication & Authorization

Mid-Level
18 soru

HttpClient & Networking

Mid-Level
20 soru

JSON Serialization

Mid-Level
20 soru

Entity Framework Core Advanced

Mid-Level
25 soru

C# Advanced Features

Mid-Level
20 soru

Clean Architecture

Mid-Level
20 soru

Logging, Monitoring & Observability

Mid-Level
22 soru

Unit Testing & xUnit

Mid-Level
20 soru

Integration Testing

Mid-Level
18 soru

Docker & Containerization

Mid-Level
16 soru

NuGet Package Management

Mid-Level
16 soru

Memory Management & GC

Senior
22 soru

Reactive Programming

Senior
24 soru

Async/await & Patterns

Senior
26 soru

.NET Design Patterns

Senior
24 soru

Performance Optimization

Senior
22 soru

SignalR & Real-time

Senior
22 soru

Microservices Architecture

Senior
25 soru

Bir sonraki mülakatın için .NET'de uzmanlaş

Tüm sorulara, flashcards'a, teknik testlere, code review alıştırmalarına ve mülakat simülatörlerine eriş.

Ücretsiz başla