JavaScript security best practices are crucial to protect web applications from common vulnerabilities like XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), and SQL Injection. Developers need to validate user input on the server, encode output for the context it is rendered in, use secure APIs, and follow secure coding standards. Topics like HTTPS, Content Security Policy (CSP), cookie flags, and proper authentication/authorization are also important. Mastering these practices is essential for building secure and trustworthy web applications. Interviewers often ask about these practices to assess a developer's understanding of web application security.
1.) What is Cross-Site Scripting (XSS)?
A) A technique to improve web application performance.
B) An attack where malicious scripts are injected into web pages.
C) A method for secure data encryption.
D) A technique for caching web pages.
2.) What is the primary purpose of Content Security Policy (CSP)?
A) To enforce HTTPS.
B) To prevent unauthorized file downloads.
C) To mitigate XSS attacks by controlling resources a browser can load.
D) To restrict API usage in JavaScript.
3.) When inserting untrusted text into a page, which DOM property prevents XSS because the value is treated as text rather than parsed as HTML?
A) element.innerHTML = value
B) element.textContent = value
C) document.write(value)
D) element.insertAdjacentHTML('beforeend', value)
4.) What does HTTPS provide for web applications?
A) Faster loading speed.
B) Protection against man-in-the-middle attacks.
C) Automatic code optimization.
D) A debugging tool for developers.
5.) What is a secure way to store sensitive data in the browser?
A) Local storage
B) Cookies without flags
C) Encrypted cookies with HttpOnly and Secure flags
D) Plain JavaScript variables
6.) What does the HttpOnly flag on cookies do?
A) Prevents cookies from being accessed by client-side scripts.
B) Ensures cookies can only be accessed by JavaScript.
C) Encrypts cookie data.
D) Extends the lifespan of cookies.
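The following is an added example for questions 5 and 6, not code from the original quiz. It builds a Set-Cookie header for a session cookie with the HttpOnly, Secure and SameSite attributes, and audits an arbitrary Set-Cookie header for those flags. buildSessionCookie and auditSetCookie are hypothetical helper names written for this page; the cookie attributes and the __Host- prefix are standard browser behaviour. The value stored here is an opaque session identifier; actual sensitive data should be kept server-side, and anything that must travel in a cookie should be encrypted and signed by the server (not shown).

```javascript
// Added example: issuing and auditing a hardened session cookie.
// buildSessionCookie and auditSetCookie are hypothetical helpers for this page.

function buildSessionCookie(name, value, { maxAgeSeconds = 3600 } = {}) {
  // __Host- prefix: the browser accepts the cookie only if it is Secure,
  // has Path=/ and no Domain attribute, so a subdomain cannot plant it.
  return [
    `__Host-${name}=${encodeURIComponent(value)}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly',     // invisible to document.cookie, so XSS cannot read it directly
    'Secure',       // sent only over HTTPS
    'SameSite=Lax', // withheld from cross-site POSTs, which blunts CSRF
  ].join('; ');
}

// Inspect a Set-Cookie header and report which protections are missing.
function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const report = { name: pair.split('=')[0], httpOnly: false, secure: false, sameSite: null, issues: [] };
  for (const attr of attrs) {
    const [key, val] = attr.split('=');
    switch (key.toLowerCase()) {
      case 'httponly': report.httpOnly = true; break;
      case 'secure': report.secure = true; break;
      case 'samesite': report.sameSite = (val || '').toLowerCase(); break;
      default: break; // Path, Max-Age, Expires, Domain: not audited here
    }
  }
  if (!report.httpOnly) report.issues.push('missing HttpOnly: readable by injected scripts');
  if (!report.secure) report.issues.push('missing Secure: sent in clear over HTTP');
  if (!report.sameSite || report.sameSite === 'none') {
    report.issues.push('SameSite not Lax/Strict: sent on cross-site requests');
  }
  return report;
}

// Constructed headers: the "cookie without flags" of option B, and the hardened form.
const weakHeader = 'sessionid=abc123; Path=/';
const strongHeader = buildSessionCookie('session', 'abc123');

console.log(auditSetCookie(weakHeader).issues);   // three findings
console.log(auditSetCookie(strongHeader).issues); // []
```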
7.) What is Cross-Site Request Forgery (CSRF)?
A) An attack that steals cookies.
B) An attack where unauthorized commands are executed on behalf of an authenticated user.
C) A vulnerability in JavaScript frameworks.
D) A type of browser exploit.
8.) How can CSRF attacks be mitigated?
A) By using strong passwords.
B) By validating user inputs.
C) By implementing CSRF tokens.
D) By disabling cookies.
9.) Why should eval() be avoided in JavaScript?
A) It reduces performance.
B) It is outdated.
C) It can introduce security vulnerabilities like XSS.
D) It doesn’t work with modern browsers.
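The following is an added example for question 9, not code from the original quiz. It contrasts an old anti-pattern, "parsing" a JSON-like settings string with eval(), against JSON.parse, using a constructed input that looks like settings but carries a side effect. parseSettingsUnsafe, parseSettingsSafe and demo are hypothetical helper names written for this page.

```javascript
// Added example: eval() turns attacker-controlled data into code.
// Helper names are hypothetical; eval and JSON.parse are built-in.

// Anti-pattern: eval "parses" the string by executing it as JavaScript.
// new Function(text) and setTimeout(text, ...) have the same problem.
function parseSettingsUnsafe(text) {
  return eval('(' + text + ')');
}

// Correct: JSON.parse accepts data only and throws on anything else.
// The shape check rejects values that are valid JSON but not a settings object.
function parseSettingsSafe(text) {
  try {
    const value = JSON.parse(text);
    if (value === null || typeof value !== 'object' || Array.isArray(value)) {
      throw new Error('settings must be a JSON object');
    }
    return { ok: true, value };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed hostile input: yields a plausible settings object, but the
// comma expression before it runs arbitrary code first.
const hostile = '(globalThis.compromised = true, { theme: "dark" })';

function demo() {
  globalThis.compromised = false;
  const viaEval = parseSettingsUnsafe(hostile);  // returns { theme: 'dark' } ...
  const flagAfterEval = globalThis.compromised;  // ... and the side effect ran: true
  const viaJson = parseSettingsSafe(hostile);    // { ok: false, error: 'Unexpected token ...' }
  return { viaEval, flagAfterEval, viaJson };
}

console.log(demo());
```

In a browser the same mistake is an XSS sink: whatever string reaches eval runs with the page's origin, cookies and DOM. A Content-Security-Policy without 'unsafe-eval' makes the browser refuse eval, new Function and string-argument setTimeout entirely.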
10.) Where must validation of user input be enforced?
A) Only in the browser, since it is closest to the user.
B) On the server, with client-side checks used only for usability.
C) Only in the database layer.
D) Nowhere, if the site uses HTTPS.