Security - Interview Questions and Answers for 'Csrf token' | Search Java Interview Question - javasearch.buggybread.com
Security - Interview Questions and Answers for 'Csrf token' - 2 question(s) found

Q1. What is a CSRF token? What is it used for? (Security, 2020-01-15 14:26:26)

Ans. A CSRF token is a unique, secret, unpredictable value that is generated by the server-side application and transmitted to the client in such a way that it is included in a subsequent HTTP request made by the client. When the later request is made, the server-side application validates that the request includes the expected token and rejects the request if the token is missing or invalid.

CSRF tokens can prevent CSRF attacks by making it impossible for an attacker to construct a fully valid HTTP request suitable for feeding to a victim user. Since the attacker cannot determine or predict the value of a user's CSRF token, they cannot construct a request with all the parameters that are necessary for the application to honor the request.

Q2. Do you think a CSRF token should only be generated after authentication? (Security, 2020-01-15 14:26:43)

Ans. No, they should be created before authentication too.

https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#login-csrf
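
The two answers above, sketched as an added example (not code from this page or from OWASP): a per-session token that is issued to anonymous sessions as well, checked on every state-changing request including the login itself, and rejected when missing or wrong. `SessionStore` and its method names are hypothetical, the in-memory dict stands in for real session storage, and rotating the session and token at login is a design choice of this sketch.

```python
import hmac
import secrets


class SessionStore:
    """Hypothetical in-memory stand-in for a server-side session store."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": str or None, "csrf": str}

    def new_session(self, user=None):
        # Every session gets a token from a CSPRNG, anonymous ones included,
        # so the login form is protected before the user has authenticated.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid):
        # Value the server embeds in the form (hidden field or custom header).
        return self._sessions[sid]["csrf"]

    def check_csrf(self, sid, submitted):
        # Reject unknown sessions and missing tokens outright.
        session = self._sessions.get(sid)
        if session is None or not submitted:
            return False
        # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
        return hmac.compare_digest(session["csrf"].encode(), submitted.encode())

    def login(self, sid, submitted, user, password_ok):
        # Login changes state, so the pre-authentication token is validated first.
        if not self.check_csrf(sid, submitted) or not password_ok:
            return None
        # Assumption of this sketch: rotate session id and token on login so
        # nothing issued to the anonymous session survives authentication.
        del self._sessions[sid]
        return self.new_session(user=user)


if __name__ == "__main__":
    store = SessionStore()
    anon = store.new_session()                       # first visit, not logged in
    form_token = store.csrf_token(anon)              # rendered into the login form
    print(store.login(anon, "forged", "alice", True))            # None: rejected
    print(store.login(anon, form_token, "alice", True) is not None)  # True
```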
