System Design bank Security System Design / 18 questions Your progress 0 / 18 done Saved in this browser. Reset All 18 Medium 9 Hard 9 Hide done No questions match those filters. 01 Explain the difference between stored, reflected, and DOM-based XSS. Medium 02 Design safeguards to prevent XSS in a rich text editor that renders user-generated HTML. Hard 03 Explain how CSRF attacks work and how tokens prevent them. Medium 04 Design CSRF protection for a SPA that uses cookie-based authentication. Hard 05 Explain Content Security Policy and how it mitigates XSS. Medium 06 Design a CSP for an app that uses inline scripts from a third-party analytics tool. Hard 07 Explain how CORS preflight requests work. Medium 08 Debug a CORS error where credentials aren't being sent despite a correct Access-Control-Allow-Origin. Hard 09 Explain how JWTs work and their tradeoffs versus server-side sessions. Medium 10 Design a token refresh strategy for a SPA using short-lived JWTs and refresh tokens. Hard 11 Explain the OAuth 2.0 Authorization Code flow with PKCE for a frontend app. Medium 12 Design a login flow for a SPA integrating with a third-party OAuth provider. Hard 13 Explain the HttpOnly, Secure, and SameSite cookie attributes. Medium 14 Design an authentication cookie strategy resistant to XSS and CSRF. Hard 15 Explain the difference between SameSite=Strict, Lax, and None. Medium 16 Debug a third-party embedded widget that stopped working after browsers changed default SameSite behavior. Hard 17 Explain clickjacking and how X-Frame-Options or CSP frame-ancestors prevent it. Medium 18 Design frame-busting protections for a payment confirmation page. Hard ← Previous API Next → Accessibility