Blacklist

A Blacklist is a list of users, IP addresses, websites, or applications that are explicitly blocked from accessing a system or network.

Whitelist

A Whitelist is a list of users, IP addresses, websites, or applications that are explicitly allowed to access a system or network. Everything else is blocked by default.

Difference between Blacklist and Whitelist

• Access Rule: Blacklist blocks specific entities; Whitelist allows only specific entities.
• Default Behavior: Blacklist allows all except blocked ones; Whitelist blocks all except allowed ones.
• Security Level: Blacklist is less secure; Whitelist is more secure.
• Use Case: Blacklist is used to block known threats; Whitelist is used in high-security environments.

Difference between Exception and Error in Java

• Meaning: Exception represents conditions that a program can handle; Error represents serious problems that a program cannot handle.
• Recovery: Exceptions can be caught and handled using try-catch; Errors are generally not recoverable.
• Cause: Exceptions occur due to logical issues or user input; Errors occur due to system-level failures.
• Examples: Exception – NullPointerException, ArithmeticException; Error – OutOfMemoryError, StackOverflowError.
• Package: Both belong to java.lang package, but Error is not meant to be handled.

Exception Handling

Exception handling is a mechanism used in programming to handle runtime errors so that the normal flow of the program is not interrupted. It helps detect errors and provides a way to recover from them.

Example (Java):

try {
    int a = 10;
    int b = 0;
    int c = a / b;
    System.out.println(c);
} catch (ArithmeticException e) {
    System.out.println("Division by zero is not allowed");
}

Here, the exception is caught and handled instead of crashing the program.

SQL Injection

SQL Injection is a web security vulnerability where an attacker inserts malicious SQL code into a query to manipulate or access the database without authorization. It can lead to data theft, data modification, or complete database compromise.

How to Prevent SQL Injection

• Use Prepared Statements: Parameterized queries prevent malicious SQL execution.
• Input Validation: Validate and sanitize user inputs.
• Use Stored Procedures: Reduces direct SQL execution.
• Limit Database Privileges: Use least-privilege principle.
• Web Application Firewall (WAF): Blocks common SQL injection patterns.

Cross-Site Scripting (XSS)

XSS (Cross-Site Scripting) is a web security vulnerability where an attacker injects malicious scripts into trusted websites. These scripts run in the victim’s browser and can steal sensitive information like cookies, session tokens, or redirect users to malicious sites.

How to Fix / Prevent XSS

• Input Validation: Validate and sanitize all user inputs.
• Output Encoding: Encode data before displaying it on web pages.
• Use Security Headers: Implement Content Security Policy (CSP).
• Avoid Inline Scripts: Reduce use of inline JavaScript.
• Use Secure Frameworks: Modern frameworks handle XSS automatically.

DBMS (Database Management System)

A DBMS is software that is used to create, store, manage, and retrieve data efficiently from a database. It provides an interface between users/applications and the database.

Virtual Memory

Virtual memory is a memory management technique that uses a part of secondary storage (hard disk) as an extension of main memory (RAM). It allows programs to run even if the physical memory is insufficient.

Cache Memory

Cache memory is a small, high-speed memory located between the CPU and main memory. It stores frequently accessed data and instructions to improve system performance.