Security Engineering

Application Security

9 practice questions. Free questions open a full answer guide; the rest unlock with Pro.

  • One of your services fetches a URL supplied by the user — for previews or webhooks. Walk me through why that's dangerous in the cloud and how you'd defend it properly. Senior level
  • How do you defend against cross-site scripting, and where does Content Security Policy fit in that defense?Go Pro Mid level
  • What is cross-site scripting (XSS), and how would you defend a web application against it?Go Pro Junior level
  • What is CSRF, why don't the usual injection defenses stop it, and how do SameSite cookies and anti-CSRF tokens fit into preventing it?Go Pro Mid level
  • How do you prevent SQL injection in an application, and why is input validation alone not enough?Go Pro Mid level
  • What is the security risk of using third-party components with known vulnerabilities, and how would you catch and manage them in an application?Go Pro Junior level
  • Where in the SDLC do you put SAST, DAST, and SCA, and how do you keep the signal useful instead of drowning developers in findings?Go Pro Senior level
  • What is SQL injection, and how do you prevent it?Go Pro Junior level
  • How do you operationalise security in a DevOps team where the security function is not embedded — you have a separate security team that reviews changes on a weekly cadence?Go Pro Senior level
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.