Information Security Officer Question:
Explain how one defends against CSRF.
Answer:
Requiring a server-issued nonce (anti-CSRF token) for each page or each request is an accepted, albeit not foolproof, method. Again, we're looking for recognition and basic understanding here, not a full, expert-level dissertation on the subject. Adjust expectations according to the position you're hiring for.
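As an added illustration (not part of the original answer), here is a minimal server-side synchronizer-token check in Python: each rendered page gets a fresh nonce bound to the session, and a state-changing request is accepted only if it presents an outstanding nonce for that session, which is then consumed so it cannot be replayed. The request shape (a dict with cookies and form fields) and the in-memory store are assumptions for the demo.

```python
import hmac
import secrets


class CsrfTokenStore:
    """Server-side store of single-use nonces, keyed by session id (demo assumption: in-memory)."""

    def __init__(self):
        self._tokens = {}  # session_id -> set of outstanding nonces

    def issue(self, session_id: str) -> str:
        # A fresh, unpredictable nonce for every rendered form/page.
        # It is embedded in the page body, never in a cookie, so a
        # cross-site request cannot carry it along automatically.
        token = secrets.token_urlsafe(32)
        self._tokens.setdefault(session_id, set()).add(token)
        return token

    def consume(self, session_id: str, presented) -> bool:
        """Return True once for a valid nonce of this session, then invalidate it."""
        if not isinstance(presented, str):
            return False
        outstanding = self._tokens.get(session_id, set())
        for token in outstanding:
            # Constant-time comparison to avoid leaking the nonce byte by byte.
            if hmac.compare_digest(token.encode(), presented.encode()):
                outstanding.remove(token)  # single use: a replay fails
                return True
        return False


def handle_transfer(store: CsrfTokenStore, request: dict):
    """Simulated state-changing endpoint; returns (status, message)."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return 401, "no session"
    # The browser attaches the session cookie to any request, including a
    # forged one; only the per-page nonce proves the form came from our page.
    if not store.consume(session_id, request["form"].get("csrf_token")):
        return 403, "CSRF check failed"
    return 200, "transfer done"


if __name__ == "__main__":
    store = CsrfTokenStore()
    nonce = store.issue("sess-A")  # constructed session id
    legit = {"cookies": {"session": "sess-A"}, "form": {"csrf_token": nonce}}
    forged = {"cookies": {"session": "sess-A"}, "form": {}}  # cookie only
    print(handle_transfer(store, legit))   # (200, 'transfer done')
    print(handle_transfer(store, forged))  # (403, 'CSRF check failed')
    print(handle_transfer(store, legit))   # replay: (403, 'CSRF check failed')
```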