Question bank
Security question bank
XSS, CSRF, CSP, auth, and the client-side threats.
Difficulty mix 27 questions · 5 categories
- Easy 2 7%
- Medium 16 59%
- Hard 9 33%
Pick a category and work it top to bottom. Your progress is remembered per category, in this browser. Read the Security guide →
-
Cross-Site Scripting (XSS)
-
CSRF & Request Forgery
-
CSP & Security Headers
-
Auth, Tokens & Storage
-
Supply Chain & Data
Where to go next
📚 Learn & practice
Prompts get you drilling; these get you learning. Hand-picked, canonical sources — read the concept, then go deep.
Read
- OWASP — Top Ten owasp.org
The canonical list of web risks to name & defend.
- OWASP Cheat Sheet Series cheatsheetseries.owasp.org
Practical, per-threat guidance (XSS, CSRF, auth…).
- web.dev — Content Security Policy web.dev
How CSP actually mitigates XSS.
- MDN — Web security developer.mozilla.org
CORS, CSP, HTTPS, and same-origin, explained.