Securing An ASP.NET Web Application/API

Question 1

What are buffer overflows?

Answer 1

When the amount of data in the buffer exceeds its storage capacity. That extra data overflows into adjacent memory locations and corrupts or overwrites the data in those locations.

Question 2

How would you prevent buffer overflows?

Answer 2

Input validation.

Question 3

What is an **XSS (Cross-Site Scripting) **attack?

Answer 3

When malicious script is injected into a trusted website.

Question 4

How can you prevent **XSS (Cross-Site Scripting) **attacks?

Answer 4

• ValidateInput attribute
• HtmlEncoder
• AntiXssEncode class**

Question 5

What are SQL Injection Attacks?

Answer 5

When an attackercan execute malicious SQL statements

Question 6

How can you prevent SQL Injection Attacks?

Answer 6

• Input validation
• Query parameterisation
• Reduced privileges user

Question 7

What is CORS?

Answer 7

Cross-Origin Resource sharing that allows restricted resources on one domain to be requested from another

Question 8

How do we enable CORS on ASP.NET?

Answer 8

In startup.cs in ConfigureServices.

services.AddCors() can beused to add a policy and specify what you can accept.

Question 9

What elements can we specify when adding a CORS policy?

Answer 9

• Origin (ie all or websites)
• Header (ie application/x-www-form-urlencoded , multipart/form-data , or text/plain)
• Method (get, post etc…)