What is authentication vs authorization?
Authentication verifies who you are (login with username/password). Authorization determines what you’re allowed to do (permissions and access control).
What is OAuth 2.0?
OAuth 2.0 is an authorization framework that allows third-party applications to access user resources without sharing passwords. It uses access tokens with limited scope and lifetime.
What is JWT (JSON Web Token)?
JWT is a compact, self-contained token for securely transmitting information between parties. It consists of a header, a payload, and a signature that lets the recipient verify the token has not been altered. It is used for authentication and information exchange.
What is rate limiting?
Rate limiting restricts the number of requests a user can make in a time window. It prevents abuse, helps mitigate DDoS attacks, and ensures fair resource usage. Common algorithms: token bucket, leaky bucket.
What is HTTPS and why is it important?
HTTPS encrypts HTTP traffic using TLS (formerly SSL). It ensures data confidentiality, integrity, and server authentication, and prevents eavesdropping, tampering, and man-in-the-middle attacks.
What is SQL injection?
SQL injection is a security vulnerability where attackers insert malicious SQL code through input fields. Prevention: use parameterized queries, input validation, and ORMs.
What is XSS (Cross-Site Scripting)?
XSS allows attackers to inject malicious scripts into web pages viewed by other users. Prevention: sanitize user input, encode output, use Content Security Policy headers.
What is CORS (Cross-Origin Resource Sharing)?
CORS is a browser security mechanism that controls how web pages from one origin can access resources from another origin. The browser blocks cross-origin responses that the serving origin has not explicitly allowed.
What is a DDoS attack?
A Distributed Denial of Service (DDoS) attack overwhelms a system with traffic from multiple sources, making it unavailable. Mitigation: rate limiting, traffic filtering, CDN, auto-scaling.
What is encryption at rest vs in transit?
At rest: encrypting data stored on disk (databases, files). In transit: encrypting data being transmitted over networks (HTTPS, TLS). Both are needed for comprehensive security.