Wednesday, 9 March 2011

Security/Penetration Testing Interview Questions

  • What type of security testing you performed?
  • What types of web testing security problems do you know?
  • Please classify vulnerabilities that you know.
  • What are two common techniques used to protect a password file?
  • What is integer overflow?
  • What is your understanding of root causes of vulnerabilities?
  • What is ISO 17799?
  • Can you describe security defect prevention?
  • List and briefly define three classes of intruders.
  • What are three benefits that can be provided by an intrusion detection system?
  • What services are provided by the SSL Record Protocol?
  • Why do we need validate users input for length and characters?
  • Why we need to keep track of individual users and authentication?
  • What is runtime inspection?
  • Describe with examples Fuzzers and Sniffers tools:
  • Define buffer overflows.
  • What are format string vulnerabilities?
  • What is SQL injection?
  • Provide example of command injection.
  • Provide example of broken access control.
  • List and briefly define the parameters that define an SSL session state.
  • List and briefly define the parameters that define an SSL session connection.
  • Why do we need port scanning?
  • How to use an interactive proxy and a set of fuzz strings to manually test the application’s handling of data?
  • What is cookie gathering?
  • What is a honeypot?
  • What is phishing attack?
  • What is a dual signature and what is its purpose?
  • How can you ensure that all input fields are properly validated to prevent code injection attacks?
  • What tools can you use to validate the strength of SID (session ID)?
  • What is file enumeration?
  • What steps are involved in the SSL Record Protocol transmission?
  • What are hidden fields in HTTP?
  • What protocols comprise SSL?
  • How to implement (create) a custom fuzz utility and test it against your application?
  • Describe SOAP and WSDL.
  • List and briefly define the principal categories of SET participants.
  • How to test a scriptable ActiveX object?
  • What is the difference between statistical anomaly detection and rule-based intrusion detection?
  • What metrics are useful for profile-based intrusion detection?
  • What is the difference between rule-based anomaly detection and rule-based penetration identification?
  • What is a salt in the context of UNIX password management?
  • List and briefly define four techniques used to avoid guessable passwords.
  • What is the difference between an SSL connection and an SSL session?
  • List and briefly define Acronyms and Abbreviations Related to Software security
  • Write an example of misusing strcpy() in C and C++ in such a way that a buffer overflow condition exists as a bug
  • Why we use firewall for security when we have facilities like access-list on routers ?
  • What are the most important steps you would recommend for securing a new web server? Web application?
  • You have been asked to review the source code for a compiled script that is being used to validate logon credentials for a web application. The file is called "logon_validate" and a typical logon request looks like this -
  • If you were not using Apache as the reverse proxy, what Microsoft application/tool could you use to mitigate this attack?
  • What do you see as challenges to successfully deploying/monitoring web intrusion detection?
  • What online resources do you use to keep abreast of web security issues? Can you give an example of a recent web security vulnerability or threat?
  • What does this log entry indicate? How could you identify what the contents are of the "hacked.htm" file that the attacker is trying to upload?
  • What are some examples of you how you would attempt to gain access?
  • What application generated the log file entry below? What type of attack is this? Assuming the index.php program is vulnerable, was this attack successful?
  • One of your web servers is logging multiple requests similar to the following:
  • What is your definition of the term "Cross-Site Scripting"? What is the potential impact to servers and clients?
  • What do you see as the most critical and current threats effecting Internet accessible websites?
    • What is a firewall?
    • Describe how to manage a firewall
    • What is a Denial of Service attack?
    • What is a “spoofed” packet?
    • What is a SYN Flood?
    • What do you do if you are a victim of a DoS?
    • What is GPG/PGP?
    • What is SSH?
    • What is SSL? How do you create certificates?
    • What would you do if you discovered a UNIX or Network device on your network has been compromised?
    • What would you do if you discovered a Windows system on your network has been comrpromised?
    • What is DNS Hijacking?
    • What is a log host?
    • What is IDS or IDP, and can you give me an example of one?
    • Why are proxy servers useful?
    • What is web-caching?

  • What are the most important steps you would recommend for securing a new web server?

    The following are the most important steps for securing a new web server:
    1. Update/patch the web server software
    2. Ensure that the server functionality is minimized and disable the extra modules
    3. Always remove the fault scripts / data
    4. Increase the verboseness of logging
    5. Update the ownership / permissions of the files.

    What are the most important steps you would recommend for securing a new web server?

    • Minimize rights.
    • Update permissions.
    • Delete default data and scripts.
    • Make use of software firewall.
    • Enable and make use of IIS logging.
    • Regular backup.
    • Updating the windows tool installed.


Posted by at

5 comments:

Subscribe to: Post Comments (Atom)