Web Security interview questions

  • 1. What is SQL injection?
  • 2. What is the difference between authentication and authorization?
  • 3. What is security testing?
  • 4. What is a DDoS attack?
  • 5. What is OWASP?
  • 6. List the various methodologies in security testing.
  • 7. What is a “vulnerability”?
  • 8. What is a botnet?
  • 9. What is Cross-Site Scripting (XSS)?
  • 10. What is DOM-based XSS?
  • 11. What flaw arises from session tokens having poor randomness across a range of values?
  • 12. How do you mitigate SQL injection risks?
  • 13. What is Cross-Site Scripting (XSS)?
  • 14. How can we protect web applications from forced browsing?
  • 15. What is an SSL certificate?
  • 16. What is Content Security Policy?
  • 17. What is CORS and how do you enable it?
  • 18. How can I prevent XSS?
  • 19. What is session hijacking?
  • 20. What is an Intrusion Detection System (IDS)?
  • 21. Explain what threat arises from not flagging HTTP cookies carrying tokens as Secure.
  • 22. Why is the root certificate important?
  • 23. Give some examples of "robots.txt" anti-patterns.
  • 24. What is clickjacking?
  • 25. What is a honeypot?
  • 26. What happens when an application takes user-supplied data and sends it to a web browser without proper validation and escaping?
  • 27. What is HTTP Public Key Pinning and when should it be used?
  • 28. How do you mitigate the risk of weak authentication and session management?
  • 29. What is the difference between encryption, encoding, and hashing?
  • 30. Could you explain the difference between penetration testing and other forms of security testing?
  • 31. What is Cross-Site Request Forgery and how do you mitigate it?
  • 32. Apart from mailing links to error pages, are there other methods of exploiting XSS?
  • 33. List the attributes of security testing.
  • 34. Name the elements of PKI.
  • 35. What is the difference between an IDS and a firewall?
  • 36. Can XSS be prevented without modifying the source code?
  • 37. What threat can be avoided by generating unique usernames with a high degree of entropy?
  • 38. What information can an attacker steal using XSS?
  • 39. What is Cross-Site Request Forgery?
  • 40. How do you mitigate the risk of sensitive data exposure?
  • 41. What is PKI?
  • 42. List the OWASP Top 10 vulnerabilities.
  • 43. What is Failure to Restrict URL Access?
  • 44. What is a bug bounty?
  • 45. What is stored XSS?
  • 46. How does SSL/TLS work?
  • 47. What are X-Frame-Options?
  • 48. What is Cross-Site Tracing (XST)? How can it be prevented?
  • 49. How do you prevent breaches due to Failure to Restrict URL Access?
  • 50. What is HSTS?
  • 51. What are the types of XSS?
  • 52. What is reflected XSS?
  • 53. If you can decode JWTs, how are they secure?
  • 54. How do you ensure that a file can only be decrypted after a specific date?
  • 55. Is it possible to decrypt MD5 hashes? Explain.
  • 56. What is Content Security Policy (CSP)?
  • 57. How would you secure WebSocket communication on your project?
  • 58. How do you use CHAP (Challenge-Response Authentication Protocol) with WebSockets?
  • 59. How do you use Content Security Policy (CSP) against clickjacking?
  • 60. What is the basic design of OWASP ESAPI?
  • 61. What is a salt and how does it make password hashing more secure?
  • 62. Why are hash values not reversible?
  • 63. How do you check if HSTS is enabled?
