- How do you write secure code? In your opinion, is it one of the developer's duties, or does it require a specialized role in the company? And why?
- Why is it said that cryptography is not something you should try to invent or design yourself?
- What is two-factor authentication? How would you implement it in an existing web application? [A]
- If not carefully handled, there is always a risk of logs containing sensitive information, such as passwords. How would you deal with this?
- Write down a snippet of code affected by SQL Injection and fix it.
- How would it be possible to detect SQL Injection via static code analysis? I don't expect you to write an algorithm capable of doing this, as it is probably a huge topic, but let's discuss a general approach.
- What do you know about Cross-Site Scripting? [A]
- What do you know about Cross-Site Request Forgery (CSRF)? [A]
- How does HTTPS work? [A]
- What's a Man-in-the-middle Attack, and why does HTTPS help protect against it?
- How can you prevent the user's session from being stolen? [A] [A]