Authentication and Security Basics Questions

Covers core application security concepts such as authentication and authorization models, token based authentication using JSON Web Tokens, session management, secure password storage with hashing and salting, transport layer security using Hypertext Transfer Protocol Secure, cross origin request handling, common injection and client side attacks such as structured query language injection and cross site scripting, input validation and output encoding, role based access control, and basic practices for secrets management and secure logging. Candidates should explain trade offs and simple designs that reduce attack surface and enable safe operation.