ASP.NET Security Impersonation Interview Question and Answers for 5 years Experienced
Security Interview Questions and Answers for 3-5 experienced. Latest Security Interview Questions with Answers.
Hi friends, here I come with security-related questions for experienced developers. This set contains 10 questions related to security.
So let's start.


Q 1:- What will you do to make your code more secure?
Ans:- I will review my code from the beginning and understand the security issues that are possible in the code; after that I will resolve them.

Q 2:- How much time will you set for the review? Is there any time limit if you are not finding security issues?
Ans:- I will set a reasonable time limit on my review, and then optimize my review for this limit. If I find myself spending too much time in any one area (especially if it is not a high-priority area or objective), then I flag it for later review and move on.

Q 3:- What will you do if you do not have much time for a (project) security review?
Ans:- I will limit my reviews to small, manageable pieces of code. This allows me to finish quickly, stay focused, and find a larger number of security issues in the code I am examining.

Q 4:- What is the difference between Authentication and Authorization?
Ans:- Authentication means validating users. In this step, we verify user credentials to check whether the person trying to log in is the right one or not.
Authorization, on the other hand, is keeping track of what the current user is allowed to see and what should be hidden from them.

Q 5:- What do you understand by SQL Injection attack?
Ans:- A SQL injection attack occurs when untrusted input can modify the logic of a SQL query in unexpected ways.

Q 6:- What will you do to prevent SQL injection?
Ans:- I will use parameterized and typed stored procedures.
The typed SQL parameter checks the type and length of the input, and it ensures that the userName input value is treated as a literal value and not as executable code in the database.

Q 7:- If you are not using stored procedures and are using simple SQL statements instead, what will you do to prevent SQL injection?
Ans:- If the code does not use stored procedures, make sure that it uses parameters in the SQL statements it constructs, as shown in the following example.
select status from Users where UserName=@userName
I will check that the code does not use the following approach, where the input is used directly to construct the executable SQL statement by using string concatenation.
string sql = "select status from Users where UserName='"
+ txtUserName.Text + "'";
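
The parameterized form from Q 6 and Q 7, written out in ADO.NET as an added example (not code from the original post). The class name, the connection string argument and the 50-character column width are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserStatusLookup
{
    // Assumed width of the Users.UserName column; adjust to the real schema.
    private const int MaxUserNameLength = 50;

    // Returns the status for userName, or null when no row matches.
    public static string GetStatus(string connectionString, string userName)
    {
        // Validate before touching the database: SqlParameter.Size only caps
        // how much data is sent, so over-long input is rejected here.
        if (string.IsNullOrEmpty(userName) || userName.Length > MaxUserNameLength)
            throw new ArgumentException("Invalid user name.", nameof(userName));

        // The SQL text is a constant; user input never becomes part of it.
        const string sql = "select status from Users where UserName=@userName";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Typed parameter: the value travels separately from the SQL text,
            // so quotes or SQL keywords in it are compared as data, never parsed.
            cmd.Parameters.Add("@userName", SqlDbType.VarChar, MaxUserNameLength)
               .Value = userName;

            conn.Open();
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? null : result.ToString();
        }
    }
}
```

In a page handler this would be called as GetStatus(connectionString, txtUserName.Text), replacing the concatenated string shown above.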

Q 8:- What do you understand by XSS?
Ans:- Cross-site scripting (also known as XSS or CSS) 

Q 9:- What is Cross-site scripting (XSS)?
Ans:- Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side. 

Example 1.
For example, the HTML snippet:
<title>Example document: %(title)</title>

is intended to illustrate a template snippet that, if the variable title has the value XSS Doc, results in the following HTML being emitted to the browser:
<title>Example document: XSS Doc</title>

A site containing a search field does not have proper input sanitizing. By crafting a search query looking something like this:
Sitting on the other end, at the web server, you will be receiving hits where after a double space is the user's cookie. You might strike lucky if an administrator clicks the link, allowing you to steal their sessionID and hijack the session.
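
The defence for the title template above is to HTML-encode every value before it is substituted into the page. The following is an added example, not code from the original post: a small renderer for the %(name) placeholder syntax, with a hypothetical class name and constructed sample inputs.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text.RegularExpressions;

public static class SafeTemplate
{
    // Matches the %(name) placeholders used in the template snippet.
    private static readonly Regex Placeholder = new Regex(@"%\((\w+)\)");

    // Replaces each %(name) with the HTML-encoded value, so markup characters
    // in untrusted input are emitted as text instead of being parsed as tags.
    public static string Render(string template, IDictionary<string, string> values)
    {
        return Placeholder.Replace(template, m =>
        {
            string value;
            if (!values.TryGetValue(m.Groups[1].Value, out value))
                throw new KeyNotFoundException("No value for " + m.Groups[1].Value);
            return WebUtility.HtmlEncode(value);
        });
    }

    public static void Main()
    {
        const string template = "<title>Example document: %(title)</title>";

        // Constructed sample inputs: one benign, one carrying markup.
        foreach (var title in new[] { "XSS Doc", "</title><script>alert(1)</script>" })
        {
            var values = new Dictionary<string, string> { { "title", title } };
            Console.WriteLine(Render(template, values));
        }
    }
}
```

The benign title is emitted unchanged, while the angle brackets in the second input come out as &lt; and &gt; entities, so the browser displays them as text and never sees a script element.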

Q 10:- What is the difference between Windows and Forms Authentication?
Ans:- Windows Authentication: is provided so that web pages can make use of the local Windows users and groups. In it, the actual Windows login name and password are used for authentication.

Forms Authentication: Under Forms Authentication, users can create their own login name and password. It is basically a cookie-based authentication system which stores the login name and password in a database file.

