0% found this document useful (0 votes)

12 views2 pages

Interview Questionire

The document covers various web security vulnerabilities including OWASP Top 10, SQL Injection, XSS, SSRF, and CSRF, along with their impacts and mitigations. It also discusses technical concepts such as HTTP methods, encoding vs hashing vs encryption, and tools like Nmap and Burp Suite. Additionally, it addresses testing methodologies for vulnerabilities and the significance of secure coding practices in web applications.

Uploaded by

ranthamgod

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

12 views2 pages

Interview Questionire

Uploaded by

ranthamgod

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 2

Owasp top 10 vulnerabilities, impact and their mitigations.

Diffrence beween get and POST method.

Is it safe to send data in get method.
Diffrence beween encoding, hashing and encryption.
How you can confirm that string either encoded hashed or encrypted by looking at
it.
How hashes can be cracked.
What is rainbow table.
What is salted hash.
SQL injection types, mitigation, exploit scenarios, what most you can do with sql
injection, is it possible to perform rce using sql injection, simple manual
payloads for sql injection ex - payload to enumerate columns
What is the root cause of SQL injection.
Sql Map and it's commands.
Example of parameterized query, what exactly hapening in backend so that it prevent
SQL injection.
How will you test for blind sql injection.
If there is no diffrence between the responce for diffrent payloads for SQL
injection, what will be your approach to test it further.
Xss and its types, mitigation, what most you can do by XSS.
What will be severity of XSS on login page and why.
Explain DOM based XSS and how will you exploit it.
SSRF and its mitigation and impact,
Payload for SSRF and if input validation implemented what payload will you use.
What is burp collaborator and how it can be used to test SSRF.
how port scanning can be performed by SSRF.
XXE its mutigation and impact, what is the way to exploit XXE.
Is it possible to perform XXE on Json request.
What is template injection.
CSRF and it's mitigation.
is it safe to implement CSRF token is in cookie.
Java deserialization impqct and mitigation.
HTTP cookie flags and its significance.
CORS vulnerability.
Namp scanning techniques.
By default how many and which ports Nmap will scan.
What is diffrence between Steath scan and connect scan.
Nmap command -sS -Pn -sC and its meaning.
What is CLRF injection.
What is diffrence between Privilege escalation and IDOR.
what all things you will test on file upload fuctionality.
How will you bypass file extension validation.
What is CSV injection it's impact and mitigation.
Any 5 ports and services running on them.
How SSL works.
What is Digital Signeture and how it works.
What all thing you will check in manifest file for mobile appsec.
What are vulnerable permissions and why.
What is shared preferences.
What is SSL pining and how this can be bypassed.
Oauth token and its vulnerabilities.
JWT token and its vulnerabilities.
What is BeefXSS framework
How will you exploit XSS in real life scenario.
How will you find SQL injection if there is no change in content lenghth and there
is no time delay.
What is Dom based xss and it's payloads
Forgot password functionality test cases
If you found Xss on login page what will the severity and why? How will you exploit
XSS on login page.
How to exploit Self xss
Will implementation of CSP mitigate the Clickjacking.
What are session related attacks. Session Fixasation , hyjacking ?
What are mitigations for CSRF?
What is same site cookie?
What is CORS and it's mitigation?
LFI & RFI and it's mitigation ?
What is your approach to test Thick client application?
Can you intercept Thick client traffic without Echo Mirage using Java Console or
Burp Suite ?
What is referer header and will it mitigate CSRF?

Security Vulnerability Questions-1
No ratings yet
Security Vulnerability Questions-1
2 pages
CyberSecurityInterview Questions HackerBook
No ratings yet
CyberSecurityInterview Questions HackerBook
33 pages
Who What
No ratings yet
Who What
5 pages
WS Prac
No ratings yet
WS Prac
1 page
Cybersecurity Interviews - 200 Must-Know Questions!
No ratings yet
Cybersecurity Interviews - 200 Must-Know Questions!
28 pages
Course Content
No ratings yet
Course Content
6 pages
Q & A Part !
No ratings yet
Q & A Part !
3 pages
CIA 1 - Key
No ratings yet
CIA 1 - Key
1 page
Web Application Penetration Testing
No ratings yet
Web Application Penetration Testing
6 pages
OWASP Testing Guide Notes
No ratings yet
OWASP Testing Guide Notes
5 pages
Web App Security for Developers
No ratings yet
Web App Security for Developers
8 pages
VAPT Interview Questions-1
0% (1)
VAPT Interview Questions-1
3 pages
General Web Application Security Questions 1729578061
No ratings yet
General Web Application Security Questions 1729578061
27 pages
EXPERIMENT
No ratings yet
EXPERIMENT
10 pages
CSDF & Stqa - Lp-Iv
No ratings yet
CSDF & Stqa - Lp-Iv
27 pages
Professional Bug Hunting & Advanced Web Application Course
No ratings yet
Professional Bug Hunting & Advanced Web Application Course
17 pages
CYBER SECURITY Training Brochure FNL PDF
No ratings yet
CYBER SECURITY Training Brochure FNL PDF
4 pages
Madhu Asses2
No ratings yet
Madhu Asses2
8 pages
Pen Testing
No ratings yet
Pen Testing
2 pages
Certified Application Security Course
No ratings yet
Certified Application Security Course
3 pages
Web App Security: SQL & Command Injection
No ratings yet
Web App Security: SQL & Command Injection
28 pages
Web App Pentesting Checklist
100% (1)
Web App Pentesting Checklist
3 pages
Security Testing FAQ
No ratings yet
Security Testing FAQ
25 pages
Q
No ratings yet
Q
3 pages
Security
No ratings yet
Security
18 pages
Web Security Questions Answers
No ratings yet
Web Security Questions Answers
2 pages
Waf Bypassing by Rafaybaloch
No ratings yet
Waf Bypassing by Rafaybaloch
33 pages
F5 BIG-IP APM - Implementation Guide
No ratings yet
F5 BIG-IP APM - Implementation Guide
8 pages
OWASPv4 Checklist
0% (1)
OWASPv4 Checklist
27 pages
Task 02
No ratings yet
Task 02
7 pages
OWASP Web Security Guide
No ratings yet
OWASP Web Security Guide
64 pages
OWASPv4 Checklist
No ratings yet
OWASPv4 Checklist
29 pages
Ceklist OWASP
No ratings yet
Ceklist OWASP
27 pages
Udemy - Web Pentesting Course Slides
100% (1)
Udemy - Web Pentesting Course Slides
103 pages
Cybersecurity Top 30 Interview Questions
No ratings yet
Cybersecurity Top 30 Interview Questions
6 pages
Web Application Penetration Testing EXtreme - 1
100% (3)
Web Application Penetration Testing EXtreme - 1
300 pages
Cleaning Up Ajax Development-Lars Ewe
No ratings yet
Cleaning Up Ajax Development-Lars Ewe
53 pages
Pentration Testing
No ratings yet
Pentration Testing
29 pages
OWASPv4 Checklist (AutoRecovered)
No ratings yet
OWASPv4 Checklist (AutoRecovered)
30 pages
Web Application Pentesting
No ratings yet
Web Application Pentesting
6 pages
CSWAE Version2
No ratings yet
CSWAE Version2
9 pages
Web PEN Test Report
100% (1)
Web PEN Test Report
8 pages
Course Presentation
No ratings yet
Course Presentation
43 pages
Interview Questions
No ratings yet
Interview Questions
9 pages
Assignment Questions EHCS
No ratings yet
Assignment Questions EHCS
11 pages
Advanced Application Penetration Testing 8-Day
No ratings yet
Advanced Application Penetration Testing 8-Day
7 pages
Penetration Testing Training Overview
No ratings yet
Penetration Testing Training Overview
5 pages
Icc
No ratings yet
Icc
14 pages
Customized Syllabus of CPENT
No ratings yet
Customized Syllabus of CPENT
4 pages
Network Security Essentials
No ratings yet
Network Security Essentials
12 pages
Soc Interview Question
No ratings yet
Soc Interview Question
18 pages
Web Attacks From Zero To Hero
No ratings yet
Web Attacks From Zero To Hero
66 pages
Cyber Security Workshop
No ratings yet
Cyber Security Workshop
3 pages
CSDFunit 3
No ratings yet
CSDFunit 3
45 pages
Lab 3 Web Attacks: XSS, XSRF, SQL Injection
0% (1)
Lab 3 Web Attacks: XSS, XSRF, SQL Injection
11 pages
OWASPv4 Checklist
No ratings yet
OWASPv4 Checklist
27 pages
Web Security Testing Workshop
No ratings yet
Web Security Testing Workshop
9 pages
Adding A Course in OnGuard
No ratings yet
Adding A Course in OnGuard
3 pages
05 Introduction To Virtualization Features
No ratings yet
05 Introduction To Virtualization Features
29 pages
(English (Auto-Generated) ) Ethical Hacking 101 - Web App Penetration Testing - A Full Course For Beginners (DownSub - Com)
No ratings yet
(English (Auto-Generated) ) Ethical Hacking 101 - Web App Penetration Testing - A Full Course For Beginners (DownSub - Com)
149 pages
Curso de Linux 2020
No ratings yet
Curso de Linux 2020
37 pages
Find and Replace
No ratings yet
Find and Replace
7 pages
4-Bit Processing Unit Design Usingvhdl Structural Modeling For Multiprocessor Architecture
No ratings yet
4-Bit Processing Unit Design Usingvhdl Structural Modeling For Multiprocessor Architecture
6 pages
(Lazada MY) Single Upload Template
No ratings yet
(Lazada MY) Single Upload Template
1 page
Research Paper IOT of Video Survillence
No ratings yet
Research Paper IOT of Video Survillence
9 pages
Ic0403 Computer Control of Processes
No ratings yet
Ic0403 Computer Control of Processes
3 pages
AZ 204T00A ENU PowerPoint - 06
No ratings yet
AZ 204T00A ENU PowerPoint - 06
44 pages
CHCLEG003 - Assignment 1 Task 1 - Case Scenario
100% (3)
CHCLEG003 - Assignment 1 Task 1 - Case Scenario
3 pages
Number Systems: Location in Course Textbook
No ratings yet
Number Systems: Location in Course Textbook
64 pages
Cyberoam IView Windows Installation Guide
No ratings yet
Cyberoam IView Windows Installation Guide
30 pages
5G Transforms Metro Commutes
No ratings yet
5G Transforms Metro Commutes
10 pages
Heading Calibration
No ratings yet
Heading Calibration
2 pages
02 - Neo Software Installation: Product Neo Suite Version 6.x
100% (1)
02 - Neo Software Installation: Product Neo Suite Version 6.x
24 pages
Tutor 5
No ratings yet
Tutor 5
2 pages
Shaxsiy Topshiriq
No ratings yet
Shaxsiy Topshiriq
10 pages
Class 9th Data Litercy Notes
No ratings yet
Class 9th Data Litercy Notes
4 pages
Students - AI Track CS Master Saclay
No ratings yet
Students - AI Track CS Master Saclay
50 pages
C Grammar
No ratings yet
C Grammar
8 pages
Pseudocode Guide
No ratings yet
Pseudocode Guide
17 pages
Alibaba Success Story
No ratings yet
Alibaba Success Story
21 pages
Web App Race Condition Risks
No ratings yet
Web App Race Condition Risks
8 pages
Os Unit - 4
No ratings yet
Os Unit - 4
25 pages
Boosting Dept. Image via YouTube
No ratings yet
Boosting Dept. Image via YouTube
25 pages
Self-Cleaning Solar Panels and Smart Solar Tracker Systems Improve Efficiency
No ratings yet
Self-Cleaning Solar Panels and Smart Solar Tracker Systems Improve Efficiency
12 pages
eCommerce Security Assignment
No ratings yet
eCommerce Security Assignment
5 pages
Data Breach Case Study Guide
No ratings yet
Data Breach Case Study Guide
3 pages
Sapnote 0000847388
No ratings yet
Sapnote 0000847388
2 pages

Interview Questionire

Uploaded by

Interview Questionire

Uploaded by

Owasp top 10 vulnerabilities, impact and their mitigations.

Diffrence beween get and POST method.

You might also like