Q 1:- What will you do to make your code more secure?
I will review my code from the beginning to understand the security issues that are possible in it, and then resolve them.
Q 2:- How much time will you set aside for a review? Is there a time limit if you are not finding security issues?
I will set a reasonable time limit on my review and then optimize the review for that limit. If I find myself spending too much time in any one area (especially if it is not a high-priority area or objective), I flag it for later review and move on.
Q 3:- What will you do if you do not have much time for an (ASP.NET project) security review?
I will limit my reviews to small, manageable pieces of code. This allows me to finish quickly, stay focused, and find a larger number of security issues in the code I am examining.
Q 4:- What is the difference between Authentication and Authorization?
Authentication means validating users. In this step, we verify user credentials to check whether the person trying to log in is the right one or not. Authorization, on the other hand, is keeping track of what the current user is allowed to see and what should be hidden from them.
Q 5:- What do you understand by SQL Injection attack?
A SQL injection attack occurs when untrusted input can modify the logic of a SQL query in unexpected ways.
Q 6:- What will you do to prevent SQL injection?
I will use parameterized and typed stored procedures.
The typed SQL parameter checks the type and length of the input, and it ensures that the userName input value is treated as a literal value and not as executable code in the database.
Q 7:- If you are not using a stored procedure but a plain SQL statement, what will you do to prevent SQL injection?
If the code does not use stored procedures, make sure that it uses parameters in the SQL statements it constructs, as in the following example:
select status from Users where UserName=@userName
I will check that the code does not use the following approach, where the input is used directly to construct the executable SQL statement by string concatenation:
string sql = "select status from tblUsers where UserName='"
+ txtUserName.Text + "'";
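The two approaches from Q 6 and Q 7 side by side, as an added example that is not part of the original page. The concatenating method only builds the SQL text so the problem is visible; the two safe methods use ADO.NET typed parameters. The connection, the tblUsers/Users tables and the stored procedure name usp_GetUserStatus are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not from the original page. The tables, the connection and
// the stored procedure usp_GetUserStatus are assumed to exist.
public static class UserStatusLookup
{
    // INSECURE (the pattern a review must flag): the input becomes part of the
    // SQL text, so any quote character in it changes the statement itself.
    public static string BuildConcatenatedSql(string userName)
    {
        return "select status from tblUsers where UserName='" + userName + "'";
    }

    // SAFE: inline SQL with a typed, length-limited parameter. The value is
    // bound separately from the statement and is never parsed as SQL.
    public static string GetStatusParameterized(SqlConnection conn, string userName)
    {
        using (var cmd = new SqlCommand(
            "select status from Users where UserName = @userName", conn))
        {
            cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
            return cmd.ExecuteScalar() as string;
        }
    }

    // SAFE: the same lookup through a stored procedure, also with a typed parameter.
    public static string GetStatusStoredProc(SqlConnection conn, string userName)
    {
        using (var cmd = new SqlCommand("usp_GetUserStatus", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
            return cmd.ExecuteScalar() as string;
        }
    }

    public static void Main()
    {
        // Constructed input: a perfectly legitimate name containing a quote.
        // With concatenation it produces a syntactically broken statement
        // (an unbalanced quote), which is the same weakness an attacker abuses;
        // the parameterized versions look it up as a literal value instead.
        Console.WriteLine(BuildConcatenatedSql("O'Brien"));
        // select status from tblUsers where UserName='O'Brien'
    }
}
```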
Q 8:- What do you understand by XSS?
XSS is short for cross-site scripting (it is also sometimes abbreviated CSS).
Q 9:- What is Cross-site scripting (XSS)?
Cross-site scripting (XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page that are executed on the client side (in the user's web browser) rather than on the server side.
For example, the HTML snippet:
<title>Example document: %(title)</title>
is intended to illustrate a template snippet that, if the variable title has the value Cross-Site Scripting, results in the following HTML being emitted to the browser:
<title>Example document: XSS Doc</title>
A site containing a search field does not have proper input sanitizing. By crafting a search query looking something like this:
Sitting on the other end, at the web server, you will be receiving hits where, after a double space, is the user's cookie. You might strike lucky if an administrator clicks the link, allowing you to steal their session ID and hijack the session.
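The title template from the answer above, rendered safely, as an added example that is not from the original page. It goes slightly beyond the answer by showing that the encoding has to match the context the value lands in (HTML text, an attribute, or a script string); the HttpUtility methods are the real System.Web ones, the method and sample input are constructed.

```csharp
using System;
using System.Web;

// Added example, not from the original page. Each method renders the same
// untrusted "title" into a different output context with the matching encoder.
public static class TitleRenderer
{
    // HTML text context: '<', '>', '&' and quotes become entities, so the
    // browser shows them as text instead of parsing them as markup.
    public static string RenderTitle(string title)
    {
        return "<title>Example document: " + HttpUtility.HtmlEncode(title) + "</title>";
    }

    // Attribute context: quotes must be encoded so the value cannot close the
    // attribute and add new ones.
    public static string RenderDataAttribute(string title)
    {
        return "<h1 data-title=\"" + HttpUtility.HtmlAttributeEncode(title)
            + "\">Example document</h1>";
    }

    // JavaScript string context: quotes, backslashes and angle brackets are
    // escaped as JavaScript string escapes, not as HTML entities.
    public static string RenderScriptVar(string title)
    {
        return "<script>var title = \"" + HttpUtility.JavaScriptStringEncode(title)
            + "\";</script>";
    }

    public static void Main()
    {
        // Constructed input: a "title" that tries to close the tag early.
        string untrusted = "XSS Doc</title><b>injected</b>";
        Console.WriteLine(RenderTitle(untrusted));
        // <title>Example document: XSS Doc&lt;/title&gt;&lt;b&gt;injected&lt;/b&gt;</title>
        Console.WriteLine(RenderDataAttribute(untrusted));
        Console.WriteLine(RenderScriptVar(untrusted));
    }
}
```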
Q 10:- What is the difference between Windows and Forms Authentication?
Windows Authentication: is provided so that web pages can make use of the local Windows users and groups. The user's actual Windows login name and password are used for authentication.
Forms Authentication: under Forms Authentication, users can create their own login name and password. It is basically a cookie-based authentication system which stores the login name and password in a database file.