Security Flashcards
Security by Default:
How do you write secure code? In your opinion, is it one of the developer’s duties, or does it require a specialized role in the company? And why?
Don’t invent Cryptography:
Why is it said that cryptography is not something you should try to invent or design yourself?
2-FA:
What is two-factor authentication? How would you implement it in an existing web application?
Sensitive Data in Logs:
If not carefully handled, there is always a risk of logs containing sensitive information, such as passwords. How would you deal with this?
SQL Injection:
Write down a snippet of code affected by SQL injection and fix it.
Detect SQL Injection:
How would it be possible to detect SQL injection via static code analysis? I don’t expect you to write an algorithm capable of doing this, as it is probably a huge topic, but let’s discuss a general approach.
XSS:
What do you know about Cross-Site Scripting (XSS)? If you don’t remember it, let’s look up its definition online and discuss it.
Cross-Site Request Forgery:
What do you know about Cross-Site Request Forgery (CSRF) attacks? If you don’t remember it, let’s look up its definition online and discuss it.
HTTPS:
How does HTTPS work?
MITM Attack:
What’s a man-in-the-middle attack, and why does HTTPS help protect against it?
Stealing Sessions:
How can you prevent a user’s session from being stolen? Chances are you remember what session or cookie hijacking is; if not, let’s read its Wikipedia page together.