Showing posts with label Web Security.

Important Front end Developer interview questions and answers

General Questions:

  • What did you learn yesterday/this week?
  • What excites or interests you about coding?
  • What is a recent technical challenge you experienced and how did you solve it?
  • What UI, Security, Performance, SEO, Maintainability or Technology considerations do you make while building a web application or site?
  • Talk about your preferred development environment.
  • Which version control systems are you familiar with?
  • Can you describe your workflow when you create a web page?
  • If you have 5 different stylesheets, how would you best integrate them into the site?
  • Can you describe the difference between progressive enhancement and graceful degradation?
  • How would you optimize a website's assets/resources?
  • How many resources will a browser download from a given domain at a time?
    • What are the exceptions?
  • Name 3 ways to decrease page load (perceived or actual load time).
  • If you jumped on a project and they used tabs and you used spaces, what would you do?
  • Describe how you would create a simple slideshow page.
  • If you could master one technology this year, what would it be?
  • Explain the importance of standards and standards bodies.
  • What is Flash of Unstyled Content? How do you avoid FOUC?
  • Explain what ARIA and screenreaders are, and how to make a website accessible.
  • Explain some of the pros and cons for CSS animations versus JavaScript animations.
  • What does CORS stand for and what issue does it address?

HTML Questions:

  • What does a doctype do?
  • What's the difference between standards mode and quirks mode?
  • What's the difference between HTML and XHTML?
  • Are there any problems with serving pages as application/xhtml+xml?
  • How do you serve a page with content in multiple languages?
  • What kind of things must you be wary of when designing or developing for multilingual sites?
  • What are data- attributes good for?
  • Consider HTML5 as an open web platform. What are the building blocks of HTML5?
  • Describe the difference between a cookie, sessionStorage and localStorage.
  • Describe the difference between <script>, <script async> and <script defer>.
  • Why is it generally a good idea to position CSS <link>s between <head></head> and JS <script>s just before </body>? Do you know any exceptions?
  • What is progressive rendering?
  • Have you used different HTML templating languages before?

CSS Questions:

  • What is the difference between classes and ID's in CSS?
  • What's the difference between "resetting" and "normalizing" CSS? Which would you choose, and why?
  • Describe Floats and how they work.
  • Describe z-index and how stacking context is formed.
  • Describe BFC(Block Formatting Context) and how it works.
  • What are the various clearing techniques and which is appropriate for what context?
  • Explain CSS sprites, and how you would implement them on a page or site.
  • What are your favourite image replacement techniques and which do you use when?
  • How would you approach fixing browser-specific styling issues?
  • How do you serve your pages for feature-constrained browsers?
    • What techniques/processes do you use?
  • What are the different ways to visually hide content (and make it available only for screen readers)?
  • Have you ever used a grid system, and if so, what do you prefer?
  • Have you used or implemented media queries or mobile specific layouts/CSS?
  • Are you familiar with styling SVG?
  • How do you optimize your webpages for print?
  • What are some of the "gotchas" for writing efficient CSS?
  • What are the advantages/disadvantages of using CSS preprocessors?
    • Describe what you like and dislike about the CSS preprocessors you have used.
  • How would you implement a web design comp that uses non-standard fonts?
  • Explain how a browser determines what elements match a CSS selector.
  • Describe pseudo-elements and discuss what they are used for.
  • Explain your understanding of the box model and how you would tell the browser in CSS to render your layout in different box models.
  • What does * { box-sizing: border-box; } do? What are its advantages?
  • List as many values for the display property that you can remember.
  • What's the difference between inline and inline-block?
  • What's the difference between a relative, fixed, absolute and statically positioned element?
  • The 'C' in CSS stands for Cascading. How is priority determined in assigning styles (a few examples)? How can you use this system to your advantage?
  • What existing CSS frameworks have you used locally, or in production? How would you change/improve them?
  • Have you played around with the new CSS Flexbox or Grid specs?
  • How is responsive design different from adaptive design?
  • Have you ever worked with retina graphics? If so, when and what techniques did you use?
  • Is there any reason you'd want to use translate() instead of absolute positioning, or vice-versa? And why?

JS Questions:

  • Explain event delegation
  • Explain how this works in JavaScript
  • Explain how prototypal inheritance works
  • What do you think of AMD vs CommonJS?
  • Explain why the following doesn't work as an IIFE: function foo(){ }();.
    • What needs to be changed to properly make it an IIFE?
  • What's the difference between a variable that is: null, undefined or undeclared?
    • How would you go about checking for any of these states?
  • What is a closure, and how/why would you use one?
  • What's a typical use case for anonymous functions?
  • How do you organize your code? (module pattern, classical inheritance?)
  • What's the difference between host objects and native objects?
  • Difference between: function Person(){}, var person = Person(), and var person = new Person()?
  • What's the difference between .call and .apply?
  • Explain Function.prototype.bind.
  • When would you use document.write()?
  • What's the difference between feature detection, feature inference, and using the UA string?
  • Explain AJAX in as much detail as possible.
  • Explain how JSONP works (and how it's not really AJAX).
  • Have you ever used JavaScript templating?
    • If so, what libraries have you used?
  • Explain "hoisting".
  • Describe event bubbling.
  • What's the difference between an "attribute" and a "property"?
  • Why is extending built-in JavaScript objects not a good idea?
  • Difference between document load event and document ready event?
  • What is the difference between == and ===?
  • Explain the same-origin policy with regards to JavaScript.
  • Make this work:
    duplicate([1,2,3,4,5]); // [1,2,3,4,5,1,2,3,4,5]
  • Why is it called a Ternary expression, what does the word "Ternary" indicate?
  • What is "use strict";? what are the advantages and disadvantages to using it?
  • Create a for loop that iterates up to 100 while outputting "fizz" at multiples of 3, "buzz" at multiples of 5 and "fizzbuzz" at multiples of 3 and 5.
  • Why is it, in general, a good idea to leave the global scope of a website as-is and never touch it?
  • Why would you use something like the load event? Does this event have disadvantages? Do you know any alternatives, and why would you use those?
  • Explain what a single page app is and how to make one SEO-friendly.
  • What is the extent of your experience with Promises and/or their polyfills?
  • What are the pros and cons of using Promises instead of callbacks?
  • What are some of the advantages/disadvantages of writing JavaScript code in a language that compiles to JavaScript?
  • What tools and techniques do you use debugging JavaScript code?
  • What language constructions do you use for iterating over object properties and array items?
  • Explain the difference between mutable and immutable objects.
    • What is an example of an immutable object in JavaScript?
    • What are the pros and cons of immutability?
    • How can you achieve immutability in your own code?
  • Explain the difference between synchronous and asynchronous functions.
  • What is event loop?
    • What is the difference between call stack and task queue?

Testing Questions:

  • What are some advantages/disadvantages to testing your code?
  • What tools would you use to test your code's functionality?
  • What is the difference between a unit test and a functional/integration test?
  • What is the purpose of a code style linting tool?

Performance Questions:

  • What tools would you use to find a performance bug in your code?
  • What are some ways you may improve your website's scrolling performance?
  • Explain the difference between layout, painting and compositing.

Network Questions:

  • Traditionally, why has it been better to serve site assets from multiple domains?
  • Do your best to describe the process from the time you type in a website's URL to it finishing loading on your screen.
  • What are the differences between Long-Polling, Websockets and Server-Sent Events?
  • Explain the following request and response headers:
    • Diff. between Expires, Date, Age and If-Modified-...
    • Do Not Track
    • Cache-Control
    • Transfer-Encoding
    • ETag
    • X-Frame-Options
  • What are HTTP actions? List all HTTP actions that you know, and explain them.
  • What techniques do you use to increase availability of your website?

What is the difference between a block cipher and a stream cipher?



A block cipher processes the input one block at a time, producing an output block for each input block.
A stream cipher processes the input continuously, producing output one element at a time, as it goes along.
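The two processing models side by side, as an added example that is not part of the original post: a toy block cipher (pad, then transform each 8-byte block independently) next to a toy stream cipher (XOR each byte with the next keystream byte). Both constructions, the key, the nonce and the messages are assumptions made up for the demonstration; they are not real ciphers. The block functions also expose the caveat each model carries: identical plaintext blocks show up as identical ciphertext blocks when blocks are processed independently, and reusing a keystream lets two ciphertexts be XORed into the XOR of their plaintexts.

```python
# Added illustration (not from the original post): a toy block cipher and a
# toy stream cipher built from XOR and byte rotation, constructed only to show
# the two processing models. Neither is a real cipher; never use them for data.
BLOCK_SIZE = 8  # bytes per block for the toy block cipher


def _pad(data: bytes) -> bytes:
    """PKCS#7-style padding: a block cipher only accepts whole blocks."""
    n = BLOCK_SIZE - len(data) % BLOCK_SIZE
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK_SIZE or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _block_encrypt(block: bytes, key: bytes) -> bytes:
    """One-block transform: XOR with the key, then rotate the bytes left by one."""
    mixed = bytes(b ^ k for b, k in zip(block, key))
    return mixed[1:] + mixed[:1]


def _block_decrypt(block: bytes, key: bytes) -> bytes:
    mixed = block[-1:] + block[:-1]           # undo the rotation
    return bytes(b ^ k for b, k in zip(mixed, key))


def block_mode_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Block model: pad, then transform each BLOCK_SIZE chunk on its own (ECB style)."""
    if len(key) != BLOCK_SIZE:
        raise ValueError("key must be one block long")
    padded = _pad(plaintext)
    return b"".join(_block_encrypt(padded[i:i + BLOCK_SIZE], key)
                    for i in range(0, len(padded), BLOCK_SIZE))


def block_mode_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    if len(key) != BLOCK_SIZE or len(ciphertext) % BLOCK_SIZE:
        raise ValueError("ciphertext must be a whole number of blocks")
    padded = b"".join(_block_decrypt(ciphertext[i:i + BLOCK_SIZE], key)
                      for i in range(0, len(ciphertext), BLOCK_SIZE))
    return _unpad(padded)


def _keystream(key: bytes, nonce: int):
    """Toy keystream: a linear congruential generator seeded from key and nonce."""
    state = (int.from_bytes(key, "big") ^ nonce) & 0xFFFFFFFF
    while True:
        state = (1103515245 * state + 12345) & 0xFFFFFFFF
        yield (state >> 16) & 0xFF


def stream_mode_crypt(data: bytes, key: bytes, nonce: int) -> bytes:
    """Stream model: XOR each byte with the next keystream byte as it arrives.
    No padding, output length equals input length, and the same call decrypts."""
    return bytes(b ^ k for b, k in zip(data, _keystream(key, nonce)))


def repeated_blocks_visible(plaintext: bytes, key: bytes) -> bool:
    """Block caveat: identical plaintext blocks give identical ciphertext blocks."""
    ct = block_mode_encrypt(plaintext, key)
    blocks = [ct[i:i + BLOCK_SIZE] for i in range(0, len(ct), BLOCK_SIZE)]
    return len(blocks) != len(set(blocks))


def keystream_reuse_leak(p1: bytes, p2: bytes, key: bytes, nonce: int) -> bool:
    """Stream caveat: reusing (key, nonce) makes c1 XOR c2 equal p1 XOR p2."""
    c1 = stream_mode_crypt(p1, key, nonce)
    c2 = stream_mode_crypt(p2, key, nonce)
    return bytes(a ^ b for a, b in zip(c1, c2)) == bytes(a ^ b for a, b in zip(p1, p2))


if __name__ == "__main__":
    key = b"k3y-byte"                       # constructed 8-byte key
    msg = b"ATTACK AT DAWN"
    ct = block_mode_encrypt(msg, key)
    print(len(msg), len(ct), block_mode_decrypt(ct, key) == msg)      # 14 16 True
    st = stream_mode_crypt(msg, key, nonce=7)
    print(len(msg), len(st), stream_mode_crypt(st, key, nonce=7) == msg)  # 14 14 True
    print(repeated_blocks_visible(b"AAAAAAAA" * 2, key))              # True
    print(keystream_reuse_leak(b"hello world", b"jello world", key, 7))  # True
```

The length difference is the visible signature of the two models: the block version grows the 14-byte message to 16 bytes because it must be padded to whole blocks, while the stream version returns exactly 14 bytes.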

What are the two basic functions used in the encryption algorithm?



All encryption algorithms are based on two general principles:
  • Substitution: each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element.
  • Transposition: elements in the plaintext are rearranged.
The fundamental requirement is that no information be lost (that is, that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.
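A product system built from the two principles above, as an added example that is not part of the original post: one substitution stage (a letter permutation) followed by one columnar transposition stage, each with its inverse, so the composition is reversible and no information is lost. The key alphabet, the column count and the sample message are assumptions made up for the demonstration.

```python
# Added illustration (not from the original post): a product cipher made from
# one substitution stage and one transposition stage, with both inverses, to
# show that each stage is reversible and so is their composition. Toy only.
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
# Constructed substitution key: a permutation of the 26 lowercase letters.
KEY_ALPHABET = "qwertyuiopasdfghjklzxcvbnm"
_ENC_TABLE = str.maketrans(ALPHABET, KEY_ALPHABET)
_DEC_TABLE = str.maketrans(KEY_ALPHABET, ALPHABET)


def substitute(text: str) -> str:
    """Substitution: each letter is mapped to another letter; other chars pass through."""
    return text.translate(_ENC_TABLE)


def unsubstitute(text: str) -> str:
    return text.translate(_DEC_TABLE)


def transpose(text: str, cols: int) -> str:
    """Transposition: write the text in rows of `cols`, read it out column by column.
    No padding is added, so nothing is lost and the last row may be short."""
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in range(cols) for row in rows if c < len(row))


def untranspose(text: str, cols: int) -> str:
    full, extra = divmod(len(text), cols)   # column c holds `full` (+1 if c < extra) chars
    columns, pos = [], 0
    for c in range(cols):
        size = full + (1 if c < extra else 0)
        columns.append(text[pos:pos + size])
        pos += size
    rows = full + (1 if extra else 0)
    return "".join(columns[c][r] for r in range(rows) for c in range(cols)
                   if r < len(columns[c]))


def product_encrypt(plaintext: str, cols: int) -> str:
    """Product system: substitute, then transpose."""
    return transpose(substitute(plaintext), cols)


def product_decrypt(ciphertext: str, cols: int) -> str:
    """Inverse: undo the stages in reverse order."""
    return unsubstitute(untranspose(ciphertext, cols))


def letter_histogram(text: str) -> Counter:
    return Counter(text)


if __name__ == "__main__":
    pt = "attackatdawn"
    ct = product_encrypt(pt, cols=5)
    print(ct, product_decrypt(ct, cols=5) == pt)          # qavzqfzzqreq True
    # transposition alone leaves the letter histogram untouched (only positions move)
    print(letter_histogram(transpose(pt, 5)) == letter_histogram(pt))  # True
```

The histogram check is why a single stage is weak and product systems stack both: transposition alone keeps every letter count intact, and substitution alone keeps the shape of the histogram under new labels.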

What are the essential ingredients of a symmetric cipher?



A symmetric encryption scheme has five ingredients:
  • Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
  • Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
  • Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
  • Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key.
  • Decryption algorithm: This is essentially the encryption algorithm in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

State some example of security attacks?



  1. Gain unauthorized access to information (i.e. violate secrecy or privacy).
  2. Disavow responsibility or liability for information the cheater did originate.
  3. Enlarge the cheater's legitimate license (for access, origination, distribution, etc.).
  4. Pervert the function of software, typically by adding a covert function.
  5. Cause others to violate a protocol by means of introducing incorrect information.

What is meant by attack?



An attack on system security that derives from an intelligent threat: that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

What is meant by threat?



A potential for violation of security, which exists when there is a circumstance, capability, action or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.

List some common information integrity functions?



  • Identification
  • Authorization
  • Concurrence
  • Liability
  • Endorsement
  • Validation
  • Time of occurrence
  • Registration

How to secure Facebook account?


Is it safe to use Facebook? How to securely use Social Web?
Despite the actual statistics about the popularity of the Social Web, security is always a burning question. Anyone can get into hot water when asked which social web is most popular, whether it is Facebook, Twitter, Instagram or another. But whatever it is, when it comes to end users, there is always a mind-shattering question: "Is it safe to use Facebook?" or "How can I secure my Web World?" In this article, I would like to share with you the most common ways people can exploit your web world and the tweaks you can do to prevent yourself from being socially engineered.
What are the common security threats?
  • Suspicious emails and notifications: If you get an email asking for your username or password, never respond to it. Facebook or any other website will never ask you to send your username or password or the answers to your security questions. Spammers and scammers sometimes create phony emails that look like they're from Facebook. These emails can be very convincing. You might get something like warnings that something will happen to your account if you don't update it or take another immediate action, or claims or offers that sound too good to be true (e.g. "You've won the Facebook Lottery!").

  • Adware: Some programs claim that they can give you special features on your Facebook, like who viewed your timeline or adding a theme to your timeline. When you click on those links, it asks you to download a small extension. Once done, it populates your timeline with ads and banners and makes your timeline load slowly.
    • Remedy: To get rid of them, remove the suspicious extensions from the browser you use. For example, if you are using Safari, click "Safari" -> "Preferences" -> "Extensions" and remove unwanted extensions.

  • Malware: Malware is software that is designed to damage a PC or a network. If you've got malware on your PC, it might be used to get around Facebook's security controls and take over your account. This software can collect data from your account, send status updates or messages that appear as if they are from you, or cover your account with ads that crash your PC.
    • Remedy:
      • Change your password.
      • Scan your computer for malware.
      • Upgrade your browser to the latest version.
      • Remove unwanted browser add-ons.

  • Keylogging through keyloggers: A keylogger is a type of computer virus that tracks keystrokes. Keyloggers can be installed remotely on a computer system by a cracker to record all the activity on the victim's computer. Keylogging gets easier if the hacker has physical access to the victim's computer.
    • Remedy: Install a good antivirus and update it frequently. Do not click on suspicious links and avoid downloading illegal software. Also, avoid installing free toolbars and other such spam software. Always scan other people's flash and pen drives before using them on your computer.

  • Phishing: Phishing is one of the easiest ways to trick users into giving out their login credentials. All a hacker does is set up a webpage similar in design to the Facebook homepage, attach a server-side script to capture the username and password entered and store them in a log. Sending people emails stating that someone tagged a photo of them on Facebook, in the same format as Facebook, with a link below to the phishing website further reduces the chances of it being detected as fake. Sometimes spam Facebook apps, like those promising to tell who viewed your Facebook profile, automatically post links to phishing websites. A new trend amongst phishers is creating Facebook look-alike widgets for stealing users' login credentials.
    • Remedy: If you think your friend's account was phished, tell them to change their password and run anti-virus software on their computer. At all costs, avoid clicking on suspicious links. Moreover, always check the URL in the address bar before signing in. Avoid logging in through various "Facebook widgets" offered by websites and blogs. Instead, use Facebook's homepage to sign in.
How to keep your account safe?
  • Confirm your mobile number: Most of the social web allows securing your account using mobile numbers. You can get notifications whenever some unknown person tries to access your account. Facebook's Code Generator is one of the great ways to protect your Facebook account.
  • Pick a strong password: Do not use any dictionary words. Any meaningful word can be guessed by some attack methods. Use a combination of at least six numbers, letters, and punctuation marks.
  • Make sure your email account(s) are secure: Do not use the same password for your email and Facebook or any other social web. If you have the same password, stop reading this right here and go ahead and change your password.
  • Log out of Facebook: Log out of Facebook or other sites when you use a computer you share with other people. Do not save your password in your browser when it prompts you to save it.
  • Run anti-virus software on your computer: Keep your anti-virus and operating system updated. The operating system integrates security patches in every new version. Make sure you have the latest copy.
  • Think before you click or download anything.
What to do after your account is hacked?
What can be done after your account is hacked? Don't panic. Web security flaws are a known but controlled issue.
  • Change your password: If your password was not changed, change it immediately. If your password was changed, reset your password.
  • Report the compromised account: If your Facebook account is compromised, report it. Follow the instructions and you can regain access to your account.
  • Do damage control: After you regain access to your account, check your inbox, settings, apps, etc. Inform your friends that your account was hacked and that any message sent was not by you. Remove suspicious applications.
  • Change your email password: If your email address is hacked, the hacker or spammer can easily gain access to all the accounts associated with that email address. Make sure your email account is safe.
Compiled By
Suresh Kumar Mukhiya
[Web Developer, Web Security Analyst, SEO Expert]
itsmeskm99@gmail.com

How can I prevent SQL injection in PHP?

  1. Use prepared statements and parameterized queries. These are SQL statements that are sent to and parsed by the database server separately from any parameters. This way it is impossible for an attacker to inject malicious SQL.
    // PDO: the query text is parsed first; the value bound to :name is only ever data
    $stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');

    $stmt->execute(array('name' => $name));

    foreach ($stmt as $row) {
        // do something with $row
    }
  2. You could do something basic like this:
    // escape the value, then splice it into the query text
    $safe_variable = mysql_real_escape_string($_POST["user-input"]);
    mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
    This won't solve every problem, but it's a very good stepping stone. Note that the mysql_* functions were deprecated in PHP 5.5 and removed in PHP 7, so on current PHP use PDO or mysqli prepared statements as in item 1.
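The difference between splicing a value into the query text and binding it as a parameter, as an added example that is not part of the original answer: the answer is about PHP, and this is the same principle shown with Python's standard-library sqlite3 module so it can run offline. The table, rows and inputs are constructed for the demonstration; the lookup functions and the sqlite3 module are the only names used.

```python
# Added illustration (not from the original answer, which is PHP): the same
# prepared-statement principle in Python with the standard-library sqlite3
# module, showing a vulnerable concatenated query beside the parameterized one.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with a few sample rows (one name contains a quote)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees (name, salary) VALUES (?, ?)",
                     [("alice", 100), ("bob", 90), ("o'neil", 80)])
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """VULNERABLE: the user value is spliced into the SQL text, so it can change
    the query's structure, not just the value being compared."""
    sql = "SELECT name FROM employees WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """SAFE: the SQL text is fixed and parsed first; the value is bound separately,
    so whatever it contains is compared as data."""
    rows = conn.execute("SELECT name FROM employees WHERE name = ?", (name,))
    return [row[0] for row in rows]


def compare(name: str) -> dict:
    """Run both lookups on the same input and report what each returned."""
    conn = make_db()
    try:
        unsafe = lookup_unsafe(conn, name)
    except sqlite3.OperationalError as exc:   # a lone quote breaks the spliced query
        unsafe = f"error: {exc}"
    return {"unsafe": unsafe, "safe": lookup_safe(conn, name)}


if __name__ == "__main__":
    print(compare("alice"))          # both return ['alice']
    print(compare("o'neil"))         # unsafe fails on the quote, safe returns ["o'neil"]
    print(compare("' OR '1'='1"))    # unsafe returns every row, safe returns []
```

Two things are worth noticing in the output: a perfectly legitimate name containing an apostrophe already breaks the spliced query, which is the same defect that an attacker exploits, and the parameterized version treats the tautology input as an ordinary string that matches no row.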

Does this provide added security compared to a standard substitution cipher? Why or why not?


Consider a substitution cipher where 52 symbols are used instead of 26. In particular, each symbol in the ciphertext stands for either a lowercase English letter or an uppercase English letter. (For example, if E is the encryption function, we could have E('S') = 'p' and E('s') = 'm'.) Such a modification augments the key space to 52!. Does this provide added security compared to a standard substitution cipher? Why or why not?

This does not add much security to the system at all. Capital letters usually appear only at the beginning of words at the beginning of sentences. Thus, the frequencies of capital letters are quite small in English text. You could simply take this into account while using frequency analysis. Simply put, disregard all the characters with very small frequencies and concentrate on solving for the characters with the highest frequencies, which will still be the same lowercase letters. Once these are solved, there will be enough recovered plaintext to deduce most if not all of the capital letters in the message.
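The argument above carried through in code, as an added example that is not part of the original post: a 52-symbol substitution cipher keyed by a seeded permutation, a short constructed sample of ordinary English, and the frequency count an analyst would take of the ciphertext. The sample text, the seed and the function names are assumptions made for the demonstration. Decrypting the most frequent ciphertext symbols shows they all stand for lowercase letters, and the share of uppercase letters in the plaintext is a few percent, which is why the larger key space buys so little.

```python
# Added illustration (not from the original post): a 52-symbol substitution
# cipher over upper- and lowercase letters, plus the frequency count an analyst
# would run on its ciphertext, showing that capitals barely register.
import random
import string
from collections import Counter

SYMBOLS = string.ascii_lowercase + string.ascii_uppercase   # the 52 plaintext symbols

# Constructed sample of ordinary English text (capitals only at sentence starts).
SAMPLE = ("The quick brown fox jumps over the lazy dog. Every sentence in English "
          "text starts with a capital letter, but the rest of the letters are "
          "lowercase. This means uppercase symbols are rare, so a larger alphabet "
          "does little to hide the frequencies that an analyst relies on. Security "
          "from a bigger key space alone is not enough when the plaintext leaks "
          "its structure.")


def make_key(seed: int) -> dict:
    """One of the 52! keys: a permutation of SYMBOLS (seeded so the run is repeatable)."""
    perm = list(SYMBOLS)
    random.Random(seed).shuffle(perm)
    return dict(zip(SYMBOLS, perm))


def encrypt(text: str, key: dict) -> str:
    """Map each of the 52 symbols through the key; punctuation and spaces pass through."""
    return "".join(key.get(ch, ch) for ch in text)


def decrypt(text: str, key: dict) -> str:
    inverse = {v: k for k, v in key.items()}
    return "".join(inverse.get(ch, ch) for ch in text)


def ranked_symbols(ciphertext: str) -> list:
    """Ciphertext symbols ordered from most to least frequent (the analyst's view)."""
    return [s for s, _ in Counter(ch for ch in ciphertext if ch in SYMBOLS).most_common()]


def uppercase_fraction(text: str) -> float:
    """Share of plaintext letters that are capitals: the mass the 26 extra symbols cover."""
    letters = [ch for ch in text if ch.isalpha()]
    return sum(ch.isupper() for ch in letters) / len(letters)


def top_symbols_decrypt_to(ciphertext: str, key: dict, n: int = 5) -> str:
    """What the n most frequent ciphertext symbols really stand for (uses the key
    only to check the analyst's assumption that they are lowercase letters)."""
    return "".join(decrypt(s, key) for s in ranked_symbols(ciphertext)[:n])


if __name__ == "__main__":
    key = make_key(seed=1)
    ct = encrypt(SAMPLE, key)
    print(f"uppercase share of plaintext letters: {uppercase_fraction(SAMPLE):.3f}")
    print("top 5 ciphertext symbols stand for:", top_symbols_decrypt_to(ct, key))
    print("round trip ok:", decrypt(ct, key) == SAMPLE)
```

Once the high-frequency symbols are pinned to lowercase letters, the few remaining capital symbols each sit at the start of a word whose lowercase tail is already readable, which is the recovery step the answer describes.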
