Tag view

#security

Cross-subject tag search for related interview cards.

Results update as you type. Press / to jump straight into search.

Type Category Tag Difficulty Keywords only

Tagged with security

11 cards

JavaScript Medium Theory

JavaScript security basics: XSS, CSRF, safe DOM updates, and avoiding eval

Client-side JavaScript can create security issues when it injects unsafe content, trusts the wrong source, or executes arbitrary code.

Unsafe HTML updates can cause XSS
CSRF abuses trusted browser state
`eval` is dangerous and usually unnecessary

#browser #javascript #security

JavaScript security basics: XSS, CSRF, safe DOM updates, and avoiding eval

React Medium Theory

React security and best practices

Safe React code avoids dangerous HTML injection, unnecessary direct DOM manipulation, state mutation, and side effects during render.

`dangerouslySetInnerHTML` is risky
Keep components focused and state colocated
Avoid premature optimization and hidden mutation

#best-practices #react #security

React security and best practices

Django Easy Theory

How does authentication differ from authorization in Django?

Authentication verifies who the user is, while authorization decides what that user is allowed to do.

Login proves identity
Permissions control access
Both matter for secure apps

#auth #django #security

How does authentication differ from authorization in Django?

Django Easy Theory

What is CSRF in Django?

CSRF protection ensures a state-changing request comes from your site and includes a valid token.

Protects POST and unsafe methods
Relies on token validation
Use csrf_token in forms

#csrf #django #security

What is CSRF in Django?

FastAPI Easy Theory

How do CORS settings work in FastAPI?

CORS middleware tells browsers which frontends are allowed to call your API across origins.

Browser security feature
Allow only needed origins
Credentials require extra care

#cors #fastapi #security

How do CORS settings work in FastAPI?

FastAPI Medium Theory

How do you handle authentication in FastAPI?

Authentication is often implemented through dependencies that validate tokens, sessions, or API keys before route logic runs.

Security dependencies are reusable
Keep auth separate from handler body
Return clear unauthorized responses

#authentication #fastapi #security

How do you handle authentication in FastAPI?

DevOps Medium Theory

ConfigMap vs Secret in Kubernetes

ConfigMaps store non-sensitive config, while Secrets are meant for sensitive values such as tokens or passwords.

Both can be mounted or injected
Secrets are not plain config by intent
Still require cluster security controls

#config #devops #kubernetes #security

ConfigMap vs Secret in Kubernetes

DevOps Medium Theory

Security group vs NACL in AWS

Security groups are stateful instance-level firewalls, while NACLs are stateless subnet-level filters.

Security groups attach to resources
NACLs attach to subnets
Stateful vs stateless is the big memory hook

#aws #devops #networking #security

Security group vs NACL in AWS

DevOps Easy Theory

What is AWS IAM?

IAM manages who can do what in AWS through users, roles, policies, and least-privilege permissions.

Authentication plus authorization
Roles are preferred for workloads
Least privilege is the design goal

#aws #devops #iam #security

What is AWS IAM?

DevOps Easy Theory

Why are environment variables used?

Environment variables separate configuration from code and help vary behavior across environments.

Good for secrets references and URLs
Avoid hardcoding
Still manage secrets securely

#configuration #devops #security

Why are environment variables used?