2.1 Security

Question 2

What is a key principle for data protection?

Answer 2

Encrypt in transit and at rest.

This ensures that sensitive data is protected during transmission and while stored.

Question 3

What should be done to prevent XSS and SQL injection?

Answer 3

Sanitize all user inputs or any input parameters exposed to user.

This involves cleaning and validating data received from users to eliminate harmful code.

Question 4

What technique should be used to prevent SQL injection?

Answer 4

Use parameterized queries.

This method ensures that user input is treated as data, not executable code.

Question 5

What is the principle of least privilege?

Answer 5

Users should have the minimum level of access necessary to perform their tasks.

This reduces the risk of unauthorized access to sensitive information.

Question 6

What is a recommended source for further reading on security?

Answer 6

API security checklist.

This resource provides guidelines for securing APIs against common vulnerabilities.

Question 7

What is another recommended source for developers regarding security?

Answer 7

Security guide for developers.

This guide offers best practices for integrating security into the development process.

Question 8

What list is crucial for understanding web application security threats?

Answer 8

OWASP top ten.

This list outlines the most critical security risks to web applications.