.NET

Security & Best Practices

OWASP Top 10, SQL injection, XSS, CSRF, encryption, Data Protection API, rate limiting, User Secrets, Azure Key Vault

24 câu hỏi phỏng vấn·
Senior
1

What is SQL injection and how does this vulnerability affect web application security?

Câu trả lời

SQL injection is an attack where malicious SQL code is inserted into application inputs to manipulate database queries. It enables unauthorized access, modification, or deletion of data. In ASP.NET Core, using parameterized queries or Entity Framework protects against this critical OWASP Top 10 threat.

2

What is Cross-Site Scripting (XSS) and what are its main types?

Câu trả lời

XSS is a vulnerability allowing attackers to inject malicious JavaScript code into web pages. The three main types are: stored XSS (persistent data), reflected XSS (transient data), and DOM-based XSS (client-side manipulation). In ASP.NET Core, encoding output and using Content Security Policy prevent these attacks.

3

What is a CSRF (Cross-Site Request Forgery) attack and how to prevent it in ASP.NET Core?

Câu trả lời

CSRF is an attack where an authenticated user is tricked into performing unintended actions on a website. The attacker forces the browser to send authenticated requests to the target site. ASP.NET Core prevents CSRF with anti-forgery tokens (AntiForgeryToken), by validating origin and Referer headers, and using SameSite cookies.

4

What are the three main security controls in the OWASP Top 10?

5

What is the difference between authentication and authorization in .NET?

+21 câu hỏi phỏng vấn

Các chủ đề phỏng vấn .NET khác

C# Basics

Junior
25 câu hỏi

LINQ & Delegates

Junior
20 câu hỏi

C# Language Essentials

Junior
15 câu hỏi

ASP.NET Core Fundamentals

Junior
18 câu hỏi

ASP.NET Core Request Lifecycle

Junior
20 câu hỏi

Configuration & Settings

Junior
20 câu hỏi

Application Lifecycle

Junior
20 câu hỏi

Dependency Injection

Mid-Level
24 câu hỏi

Entity Framework Core

Mid-Level
25 câu hỏi

Minimal APIs

Mid-Level
18 câu hỏi

Web API Development

Mid-Level
22 câu hỏi

Async in ASP.NET Core

Mid-Level
20 câu hỏi

Authentication & Authorization

Mid-Level
18 câu hỏi

HttpClient & Networking

Mid-Level
20 câu hỏi

JSON Serialization

Mid-Level
20 câu hỏi

Entity Framework Core Advanced

Mid-Level
25 câu hỏi

C# Advanced Features

Mid-Level
20 câu hỏi

Clean Architecture

Mid-Level
20 câu hỏi

Logging, Monitoring & Observability

Mid-Level
22 câu hỏi

Unit Testing & xUnit

Mid-Level
20 câu hỏi

Integration Testing

Mid-Level
18 câu hỏi

Docker & Containerization

Mid-Level
16 câu hỏi

NuGet Package Management

Mid-Level
16 câu hỏi

Memory Management & GC

Senior
22 câu hỏi

Reactive Programming

Senior
24 câu hỏi

Async/await & Patterns

Senior
26 câu hỏi

.NET Design Patterns

Senior
24 câu hỏi

Performance Optimization

Senior
22 câu hỏi

SignalR & Real-time

Senior
22 câu hỏi

Microservices Architecture

Senior
25 câu hỏi

Nắm vững .NET cho lần phỏng vấn tiếp theo

Truy cập tất cả câu hỏi, flashcards, bài kiểm tra kỹ thuật, bài tập code review và mô phỏng phỏng vấn.

Bắt đầu miễn phí