Application Security
Everything on SkillVeris tagged Application Security — collected across the glossary, study notes, blog, and cheat sheets.
13 resources across 1 library
Interview Questions(13)
What Techniques Prevent SQL Injection?
SQL injection is prevented primarily by using parameterized queries (or prepared statements) so user input is always bound as data and never concatenated into…
What Are Parameterized Queries and Why Do They Matter?
A parameterized query is a SQL statement written with placeholders in place of literal values, where the actual values are supplied separately and bound by the…
What Are Connection String Security Best Practices?
Connection string security means never embedding raw credentials in source code or config files checked into version control, instead injecting host, username,…
How Do You Manage Database Secrets Securely?
Database secrets management means storing credentials, API keys, and encryption keys in a dedicated secrets manager or vault that controls access, encrypts the…
What is the Principle of Least Privilege for Database Access?
Least privilege for database access means every user, service, or application account is granted only the specific permissions it needs to do its job — nothing…
What is Content Security Policy (CSP)?
Content Security Policy (CSP) is an HTTP response header that tells the browser which sources of scripts, styles, images, and other resources are allowed to lo…
What Are HTTP Security Headers and Why Do They Matter?
HTTP security headers are response headers a server sends to instruct the browser to enable or restrict specific behaviors — such as blocking inline scripts, r…
How Do CSP Nonces Prevent Inline Script Injection?
A CSP nonce is a random, single-use token the server generates per response and embeds both in the Content-Security-Policy header and as a nonce attribute on e…
What Does the Referrer-Policy Header Control?
The Referrer-Policy header controls how much information about the current page’s URL the browser includes in the Referer header when the user navigates away o…
What Is the Permissions-Policy Header Used For?
The Permissions-Policy header lets a site explicitly enable or disable powerful browser features — such as the camera, microphone, geolocation, or autoplay — f…
What Is the Trusted Types API and How Does It Prevent DOM XSS?
The Trusted Types API is a browser-enforced mechanism, activated via a CSP directive, that blocks a page’s dangerous DOM sinks — like innerHTML or eval — from…
What is DevSecOps and How Do You Implement It?
DevSecOps is the practice of integrating security checks and ownership directly into every stage of the DevOps pipeline — from code commit through build, test,…
SAST vs DAST: What Is the Difference?
SAST (Static Application Security Testing) scans an application’s source code, bytecode, or binaries without executing them to find vulnerabilities like SQL in…