HLD / system_design / ~5 mins

SQL injection and XSS prevention in HLD - Cheat Sheet & Quick Revision

Recall & Review
[beginner] What is SQL Injection?
SQL Injection is a security vulnerability where attackers insert malicious SQL code into input fields to manipulate the database and access or modify data without permission.

[beginner] How can parameterized queries help prevent SQL Injection?
Parameterized queries separate SQL code from data inputs, so user inputs are treated only as data, not executable code, preventing attackers from injecting harmful SQL commands.

[beginner] What is Cross-Site Scripting (XSS)?
XSS is a security flaw where attackers inject malicious scripts into web pages viewed by other users, allowing theft of information or control over user actions.

[intermediate] Name two common methods to prevent XSS attacks.
1. Escaping user inputs before displaying them on web pages.
2. Using Content Security Policy (CSP) headers to restrict script execution.

[beginner] Why is input validation important in preventing SQL Injection and XSS?
Input validation ensures only expected and safe data is accepted, reducing the chance of malicious code entering the system and causing harm.
Which technique is most effective in preventing SQL Injection?
A. Using parameterized queries
B. Encrypting the database
C. Using complex passwords
D. Disabling user input

What does XSS stand for?
A. Extra Secure Script
B. Cross Server Security
C. Cross System Sync
D. Cross-Site Scripting

Which of these helps prevent XSS attacks?
A. Escaping user inputs
B. Using SQL queries
C. Disabling HTTPS
D. Increasing server RAM

What is a Content Security Policy (CSP)?
A. A password policy
B. A database encryption method
C. A browser security feature to control resources loaded
D. A network firewall

Why should user inputs be validated?
A. To speed up the server
B. To ensure data is safe and expected
C. To increase database size
D. To allow all inputs
Explain how parameterized queries prevent SQL Injection attacks.
Hint: Think about how the database understands commands versus data.

Describe two ways to prevent Cross-Site Scripting (XSS) in web applications.
Hint: Consider both input handling and browser security settings.