Explore foundational security best practices for Deno application development with this easy quiz. Enhance your understanding of key security concepts, safe coding habits, and strategies to protect Deno applications.
Which best practice helps prevent unauthorized access by restricting a Deno application's file system access using permissions?
Explanation: Running a Deno application with only the necessary --allow flags limits the access the program has, enforcing the principle of least privilege. Disabling all access controls or granting all permissions by default exposes your application to unnecessary risks and increases the attack surface. The option '--dangerous-permissions' does not exist and is not a recognized security measure.
What is a recommended approach to managing third-party dependencies in a Deno project to minimize vulnerabilities?
Explanation: Regularly auditing and updating dependencies ensures that security patches are applied and vulnerabilities are minimized. Automatically trusting all dependencies or downloading from unknown sources can introduce risks, as malicious code can be embedded. Using outdated versions does not guarantee stability and could leave vulnerabilities unpatched.
Why should sensitive information, such as API keys and passwords, be stored in environment variables rather than hardcoded in Deno source code?
Explanation: Environment variables keep sensitive information separate from the codebase, reducing the risk of accidental exposure when sharing or publishing code. Hardcoding secrets makes them easily accessible and more likely to be leaked. Environment variables do not slow down applications, and storing secrets in source code does not improve security.
What is the main security advantage of using HTTPS instead of HTTP for a Deno web server?
Explanation: HTTPS provides encryption for data in transit, helping protect sensitive information from interception. HTTP does not enforce permissions and leaves data unencrypted. HTTPS does not remove the need for input validation, and while HTTP may sometimes be marginally faster, speed does not outweigh the security benefits of HTTPS.
Why is validating user input important in a Deno application that processes form data?
Explanation: Validating user input prevents common attacks such as injections and maintains data integrity by rejecting malformed data. It is not true that input validation is only needed for numeric data; all input types can be risky. Input validation may add minimal overhead but is crucial for security, and unvalidated input does not make applications faster or safer.
Which practice helps protect a Deno application from basic denial-of-service (DoS) attacks?
Explanation: Rate limiting controls the number of requests a user or client can make in a given time frame, helping mitigate DoS attacks. Allowing unlimited requests can make the application vulnerable. Disabling logs makes it harder to detect attacks, and sharing sensitive logs publicly exposes security information.
What is one way to ensure imported code from external sources remains unchanged and trustworthy in Deno?
Explanation: Pinning to specific versions or hashes ensures that the imported code cannot change unexpectedly, maintaining trust. Using random links or arbitrary URLs increases the chance of sourcing untrusted code. Module names alone do not ensure the integrity or security of dependencies.
Why should a Deno application avoid revealing detailed error messages, such as stack traces, to users?
Explanation: Revealing detailed errors, like stack traces, can leak information about the application's structure, which attackers could exploit. While developers need access to error details for debugging, these should not be visible to general users. There is no requirement to show stack traces for security reasons, and exposing them does not improve general usability.
When running a Deno application that should only access a specific network address, which security measure is most suitable?
Explanation: Limiting network permissions to only the necessary addresses helps prevent unauthorized connections and reduces the security risk. Enabling unrestricted access or granting access by default increases vulnerability, while disabling all permissions would block legitimate connections.
Which is a secure way for a Deno application to process sensitive user data, such as personal information or payment details?
Explanation: Encryption safeguards sensitive data wherever it is stored or transmitted, protecting users from data leaks. Storing data as plain text, displaying it publicly, or transmitting it over unsecured connections poses significant security risks and exposure to unauthorized parties.