Parag Dairy Interview Questions and Answers

Updated 5 Feb 2024

Q1. What are the security headers used in an application?

Ans.

Security headers are used to enhance the security of web applications by providing additional protection against attacks.

  • Common security headers include Content-Security-Policy (CSP), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security (HSTS)

  • CSP helps prevent cross-site scripting (XSS) attacks by specifying which sources of content are allowed to be loaded

  • X-XSS-Protection helps prevent XSS attacks by enabling the browser's built-in XSS pro...


Q2. What are the httpsOnly and secure flags used for?

Ans.

The httpsOnly and secure flags are used for securing web traffic and preventing attacks.

  • httpsOnly ensures that all traffic to a website is encrypted and cannot be intercepted by attackers.

  • Secure flag ensures that cookies are only sent over encrypted connections, preventing session hijacking attacks.

  • Both are important security measures for protecting sensitive information and preventing attacks.

  • Examples of websites that use httpsOnly and secure flag include online banking and e-com...


Q3. What is XSS and how can it be exploited?

Ans.

XSS is a type of web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

  • XSS stands for Cross-Site Scripting.

  • Attackers can exploit XSS vulnerabilities by injecting malicious scripts into web pages viewed by other users.

  • These scripts can steal sensitive information, such as login credentials or personal data, from the victim's browser.

  • XSS attacks can be prevented by properly sanitizing user input and encoding output.

  • There are th...


Q4. What are SAST and DAST and why are they performed?

Ans.

SAST and DAST are security testing techniques used to identify vulnerabilities in software applications.

  • SAST (Static Application Security Testing) is performed on the source code of an application to identify security vulnerabilities before the application is compiled and deployed.

  • DAST (Dynamic Application Security Testing) is performed on a running application to identify vulnerabilities in real-time.

  • SAST is useful for identifying vulnerabilities early in the development pro...


Q5. What is CSRF and how can it be exploited?

Ans.

CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.

  • CSRF stands for Cross-Site Request Forgery

  • It can be exploited by tricking a user into clicking a link or button on a malicious website that sends a request to a different website where the user is logged in

  • The request can perform actions on behalf of the user without their knowledge or consent

  • To prevent CSRF, websites can use tokens to verify that the request is c...


Q6. How is cache control implemented?

Ans.

Cache control is implemented through HTTP headers to specify how long a resource should be cached.

  • Cache-Control header is used to specify caching directives

  • Expires header is used to specify an expiration date for the resource

  • Max-Age header is used to specify the maximum age of the resource in seconds

  • Pragma header is used for backwards compatibility with HTTP/1.0

  • Examples: Cache-Control: max-age=3600, Expires: Wed, 21 Oct 2020 07:28:00 GMT
