What is the difference between XSS and CSRF?

Web Security Interview Questions

  1. [JUNIOR] What is the difference between authentication and authorization?
  2. [JUNIOR] What is Cross-Site Scripting (XSS)?
  3. [JUNIOR] What is SQL injection?
  4. [JUNIOR] What is OWASP and why is it important?
  5. [JUNIOR] What is HTTPS and how does it differ from HTTP?
  6. [MID] What are the OWASP Top 10 vulnerabilities and why are they important for web application security?
  7. [MID] What are the different types of XSS (stored, reflected, DOM-based) and how do they differ?
  8. [MID] How can SQL injection attacks be prevented?
  9. [MID] How can you prevent XSS attacks in a web application?
  10. [JUNIOR] What is web application security?
  11. [JUNIOR] What is an SSL/TLS certificate and why is it needed?
  12. [JUNIOR] What is Cross-Site Request Forgery (CSRF)?
  13. [JUNIOR] What is the CIA triad in information security?
  14. [JUNIOR] What is the difference between encryption, encoding, and hashing?
  15. [JUNIOR] What is Content Security Policy (CSP)?
  16. [MID] How does CORS work and what are its security implications?
  17. [MID] What is the Same-Origin Policy (SOP) and why is it important for web security?
  18. [MID] How does CSRF work and what are effective prevention methods?
  19. [MID] What is the role of input validation in secure coding and why is it important?
  20. [SENIOR] How would you design a safe and secure password storage mechanism?
  21. [JUNIOR] What is session hijacking and how does it occur?
  22. [JUNIOR] What is a DDoS attack and how does it work?
  23. [JUNIOR] What is two-factor authentication and why is it important for web security?
  24. [JUNIOR] What is a man-in-the-middle (MITM) attack?
  25. [MID] How does Content Security Policy (CSP) help prevent XSS attacks?
  26. [MID] What is the difference between SAST and DAST?
  27. [MID] How does SSL/TLS encryption secure data in transit?
  28. [MID] What are security headers and how do they enhance web application security?
  29. [MID] How can you prevent brute-force attacks on login pages?
  30. [MID] What is Insecure Direct Object Reference (IDOR) and how can it be exploited?
  31. [MID] How does token-based authentication work?
  32. [MID] What is Server-Side Request Forgery (SSRF) and how can it be exploited?
  33. [MID] How does OAuth work and what security concerns does it address?
  34. [MID] What is broken authentication and how can it be prevented?
  35. [MID] What is the difference between XSS and CSRF?
  36. [SENIOR] How would you design a security strategy to protect a microservices architecture from both external and internal threats?
  37. [SENIOR] How do you ensure the security of third-party libraries and dependencies in your codebase?
  38. [SENIOR] What strategies would you use to ensure secure session management in web applications?
  39. [SENIOR] What is the principle of least privilege and how would you implement role-based access control?
  40. [JUNIOR] What is clickjacking?
  41. [JUNIOR] What is a Web Application Firewall (WAF)?
  42. [JUNIOR] What is a vulnerability in the context of web security?
  43. [MID] What is the difference between session hijacking and session fixation?
  44. [MID] What are the key differences between symmetric and asymmetric encryption?
  45. [MID] What is a security misconfiguration and how can it be prevented?
  46. [SENIOR] How would you integrate threat modeling into an Agile development process?
  47. [SENIOR] What is the STRIDE threat modeling methodology and how is it applied?
  48. [SENIOR] How do you handle security misconfigurations across development and production environments?
  49. [SENIOR] How would you implement secure logging and monitoring without exposing sensitive information?
  50. [SENIOR] How would you design the security architecture for an e-commerce platform handling sensitive data?
  51. [SENIOR] What is insecure deserialization and how can it be prevented?
  52. [SENIOR] How would you conduct a secure code review and what do you prioritize?
  53. [SENIOR] How can an attacker exploit SSRF and what must developers do to prevent it?
  54. [JUNIOR] What is a honeypot and how is it used in security?
  55. [MID] Explain CORS, SOP, and CSP from a security point of view and how they relate to each other?
  56. [SENIOR] How would you approach securing a serverless architecture?
  57. [SENIOR] How would you approach identifying and mitigating security risks in a large legacy codebase?
  58. [SENIOR] How do you balance finding security issues and maintaining development velocity during code reviews?
  59. [SENIOR] What are business logic vulnerabilities and how do you identify them?
  60. [SENIOR] What is the difference between a vulnerability assessment and penetration testing?
  61. [SENIOR] How would you review an architecture to prevent automated brute force or dictionary attacks?
  62. [SENIOR] What are the challenges of implementing a Secure Development Lifecycle (SDL) in a fast-paced development environment?
  63. [EXPERT] How would you design a comprehensive API security strategy for a public-facing API?
  64. [EXPERT] What is XML External Entity (XXE) injection and how can it be prevented?
  65. [EXPERT] What are the security implications of using JWT for authentication and what are common attack vectors against it?
  66. [EXPERT] How would you design a security strategy for a cloud-native application and what specific threats are most critical?
  67. [EXPERT] How does password hashing work internally and what is the importance of salting in preventing rainbow table attacks?
  68. [JUNIOR] What is a botnet?
  69. [MID] What is HTTP Public Key Pinning (HPKP) and when should it be used?
  70. [MID] What are the security risks associated with the robots.txt file?
  71. [EXPERT] How would you implement and enforce secure coding standards across a globally distributed development team?
  72. [EXPERT] What is Server-Side Template Injection (SSTI) and how can it be exploited and prevented?
  73. [EXPERT] What are the edge cases and limitations of Content Security Policy implementations?
  74. [EXPERT] How would you approach securing a multi-tenant SaaS application?
  75. [EXPERT] How does Perfect Forward Secrecy work and why is it important for TLS?
  76. [EXPERT] How would you design security controls for a CI/CD pipeline?
  77. [EXPERT] What is OS command injection and how does it differ from code injection?
  78. [EXPERT] What are file inclusion vulnerabilities and how do LFI and RFI differ?
  79. [EXPERT] What is HTTP Parameter Pollution and how can it be exploited?
  80. [EXPERT] How would you measure the effectiveness of a Secure Development Lifecycle program?