ExamExplained
NSW · Software Engineering

Quick questions on XSS, CSRF and SQL injection explained: HSC Software Engineering Module 2

4 short Q&A pairs drawn directly from our worked dot-point answer. For full context and worked exam questions, read the parent dot-point page.

What is cross-site scripting (XSS)?
An attacker injects JavaScript into a page that other users load. Categories:

What is cross-site request forgery (CSRF)?
An attacker tricks a logged-in user's browser into sending a request to a target site, abusing the user's session. Example: the user is logged into their bank. They visit an attacker's site, which contains:

What is defence in depth?
Real applications layer all of these defences. A typical web app:

What is mitigation?
parameterised queries.
