41 Interesting Application security interview questions

Application security interview questions

This post collects frequently asked application security interview questions and penetration testing interview questions, and also covers security engineer interview questions and general cyber security interview questions.

Application Security interview Questions

Critical || Application security interview questions

Major || Application security interview questions

Basic || Application security interview questions

Base Level -1 || Critical || Application security interview questions

How does an HTTP application handle state?

HTTP is a stateless protocol, so a web application uses cookies to keep track of its state. Session state can be maintained in two places:

  • Client-side
  • Server-side

The data might be stored in cookies or in the web server’s session.

What do you understand by Cross Site Scripting or XSS?

Cross-site scripting, abbreviated XSS, is a client-side code injection issue in which an unauthorised user gets a malicious script to run in another user's browser by planting it in a web application. When the victim visits that application the script executes, and cookies, session tokens and other sensitive information can be compromised.

What are the types of XSS?

There are three main categories of XSS:

Reflected XSS: The malicious script is not stored in the database; it arrives with the current HTTP request and is reflected back in the response.

Stored XSS: The malicious script is stored in the web application's database, for example through a comment field or a discussion forum, and runs from there whenever an affected user's action loads it.

DOM XSS: In DOM (Document Object Model) XSS the flaw lies in the client-side code rather than the server-side code. The malicious script flows through the browser and is written into the DOM by the page's own script.

This issue arises when client-side code reads data from the DOM and processes it without sanitising the input.
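As an added example that is not part of the original post, the following Python contrasts the reflected and stored cases described above: the vulnerable renderers pass untrusted text straight into the HTML, while the hardened ones escape it at the output boundary (the DOM-based case lives in browser JavaScript and is not shown). The `CommentStore` class and the sample payloads are constructed for this illustration.

```python
import html

# Constructed sample inputs (not from any real site): a stored comment and a
# reflected request parameter, each carrying an injected script.
SAMPLE_COMMENT = '<img src=x onerror="alert(1)">'
SAMPLE_NAME = "<script>alert(1)</script>"

class CommentStore:
    """Stand-in for the database that holds forum comments (stored XSS case)."""
    def __init__(self):
        self._comments = []

    def add(self, text):
        # Store the raw text; output encoding is applied when rendering.
        self._comments.append(text)

    def all(self):
        return list(self._comments)

def render_comments_vulnerable(store):
    """Stored comments are concatenated into HTML unchanged: stored XSS."""
    return "".join(f"<li>{c}</li>" for c in store.all())

def render_comments_safe(store):
    """Every comment is HTML-escaped for the body context before output."""
    return "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in store.all())

def render_greeting_vulnerable(name):
    """A request parameter is reflected into the page unchanged: reflected XSS."""
    return f"<p>Hello, {name}!</p>"

def render_greeting_safe(name):
    """The reflected parameter is escaped before it enters the HTML."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"

def has_live_tag(fragment):
    """Check helper: does an injected tag survive as real markup in the output?"""
    return "<img" in fragment or "<script" in fragment
```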

What are the OWASP Top 10 of 2021?

  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging and Monitoring

Mention the OWASP risk rating methodology.

The OWASP risk rating methodology is divided into the following steps:

  • Risk identification
  • Estimation of the likelihood of the risk
  • Impact estimation and analysis
  • Determination of the risk severity
  • Risk mitigation techniques

Explain how traceroute (tracert) operates.

Traceroute, or tracert on Windows, as the name suggests traces and analyses the route between the host machine and a remote machine. It performs the following:

  • Shows whether data packets are being redirected
  • Measures the time packets take to traverse each hop
  • Counts the number of hops packets pass through between the host and the remote machine

What is ICMP?

ICMP stands for Internet Control Message Protocol. It sits at the network layer of the OSI model and is an integral part of the TCP/IP suite.

Which port is used for ICMP or pinging?

Ping does not use a port; it uses ICMP. It is used to find out whether a remote host is up, and it also reports packet loss and round-trip delay for the exchange.

Mention the challenges in successfully deploying and monitoring web intrusion detection.

  • Limitations of NIDS for web monitoring (semantic issues in understanding HTTP and SSL)
  • Logging challenges, in particular the verbosity of logging (ModSecurity audit_log)
  • Centralised remote logging
  • Alerting mechanisms
  • Keeping signatures and policies updated

Mention the risk that arises from insecure HTTP cookies carrying tokens.

When cookies that carry session tokens are not flagged as secure, the token can be exposed and access control violations result.

Mention the basic design of OWASP ESAPI.

The main elements of the OWASP ESAPI design are:

  • A set of security control interfaces
  • A reference implementation of each security control
  • The option for each organisation to supply its own implementation of every security control

What is port scanning?

Port scanning probes a system's ports to discover open services, and with them weak points that an unauthorised user could target to pull critical and sensitive data.

Mention the different types of port scans.

  • Strobe: scanning of a known set of services only.
  • UDP: scanning for open UDP ports.
  • Vanilla: the scanner attempts a connection to all 65,535 ports.
  • Sweep: the scanner connects to the same port on multiple machines.
  • Fragmented packets: the scanner sends packet fragments that get through simple packet filters in a firewall.
  • Stealth scan: the scanner avoids having the scanned machine record the port scan.
  • FTP bounce: the scanner routes the scan through an FTP server to obscure the scanning source.

What is a honeypot?

A honeypot is a computer system that mimics likely targets of cyber attacks. It is used to detect intrusions and deflect them away from legitimate targets.

Which of Windows and Linux provides better security?

Both operating systems have their pros and cons. Still, as far as security is concerned, most of the community prefers Linux, as it provides more flexibility and security than Windows, and many security researchers have contributed to hardening it.

Which protocol is most commonly implemented on a login page?

The TLS/SSL protocol is implemented in most scenarios where data is in transit. Its purpose is to achieve confidentiality and integrity of the user's critical and sensitive data by encrypting it at the transport layer.

What is public-key cryptography?

Public-key cryptography (PKC), also known as asymmetric cryptography, is a cryptographic scheme that uses two separate keys, one private and one public, for encryption and decryption.

State the difference between using private and public keys for encryption and for signing content.

For digital signing, the sender signs the data with their own private key, and the receiver verifies the signature with the sender's public key.

For encryption, the sender encrypts the data with the receiver's public key, and the receiver decrypts it with their own private key.

Mention the major applications of public-key cryptography.

The major use cases of public-key cryptography are:

  • Digital signing: content is signed with the private key.
  • Encryption: content is encrypted with the public key.

Discuss phishing.

In phishing, a fake web page is presented to trick the user into submitting critical and sensitive information.

What approach can you take to defend against phishing attempts?

Verifying and validating against XSS vulnerabilities and checking the HTTP Referer header are some mitigation approaches against phishing.

How do you defend against multiple login attempts?

There are several approaches to defending against repeated login attempts, such as:

  • Creating an account lockout policy based on the number of failed attempts to access the account.
  • Implementing CAPTCHA functionality on the login page to distinguish a human from a bot.

What is security testing?

Security testing is one of the most important areas of testing. It identifies possible vulnerabilities in any software-based application (on a server, the web, a network, a mobile device or any other device) and protects its confidential and sensitive data from potential risks and intruders.

What is a "vulnerability"?

Answer: A vulnerability is a weakness, bug or flaw in a system through which an unauthorised user can target the system or the users of the application.

What is intrusion detection?

Answer: An IDS, or intrusion detection system, is a software or hardware application that monitors a network for unapproved activity or policy violations. Such activity is typically reported to and handled through a security information and event management (SIEM) system.

Some intrusion detection systems are capable of responding to a detected intrusion as soon as it is discovered; these are known as intrusion prevention systems (IPS).

Base Level -2 || Major || Application security interview questions

What are the types of intrusion detection system?

IDS mainly come in the following types:

  • Network intrusion detection systems (NIDS): the system monitors and analyses incoming network traffic.
  • Host-based intrusion detection systems (HIDS): the system monitors the operating system's files.

Beyond these there is a further subdivision of IDS by detection method, the main variants being signature-based and anomaly-based detection:

  • Signature-based: this type of system identifies potential issues by matching specific patterns, such as byte sequences in network traffic or known malicious instruction sequences.
  • Anomaly-based: this kind of system relies on a machine learning approach to detect and adapt to unknown issues. It first builds a model of trusted behaviour and then compares new behaviour against that model.
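As an added example that is not part of the original post, the following Python runs both detection styles over constructed web access-log lines: the signature matcher fires on known patterns (an XSS probe, a path traversal), while the anomaly detector learns a per-client request volume from a trusted baseline window and flags the client that exceeds it, which no signature would catch. The log format, the signatures and the tolerance factor are assumptions for this illustration.

```python
import re
from collections import Counter

# Constructed sample access-log lines ("<ip> <method> <path> <status>");
# not taken from any real system.
BASELINE_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.6 GET /index.html 200",
    "10.0.0.7 GET /contact.html 200",
    "10.0.0.7 GET /index.html 200",
]
OBSERVED_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.9 GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E 200",
    "10.0.0.7 GET /../../etc/passwd 404",
] + [f"10.0.0.12 GET /page{i} 200" for i in range(20)]  # one noisy client

# Signature-based: known malicious patterns, matched literally.
SIGNATURES = {
    "xss_attempt": re.compile(r"%3Cscript|<script", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

def signature_alerts(lines):
    """Return (signature_name, source_ip) for every line matching a signature."""
    alerts = []
    for line in lines:
        src = line.split()[0]
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((name, src))
    return alerts

# Anomaly-based: learn what "normal" request volume per client looks like
# during a trusted baseline window, then flag clients that exceed it.
def build_baseline(lines, tolerance=3):
    """Trust model: the busiest baseline client's count times a tolerance factor."""
    counts = Counter(line.split()[0] for line in lines)
    return max(counts.values()) * tolerance

def anomaly_alerts(lines, threshold):
    """Return source IPs whose request count exceeds the learned threshold."""
    counts = Counter(line.split()[0] for line in lines)
    return sorted(ip for ip, n in counts.items() if n > threshold)
```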

What do you know about OWASP?

OWASP, the Open Web Application Security Project, is an organisation that supports secure software development.

What potential issue arises if session tokens have insufficient randomness across their range of values?

Session tampering: if session tokens have insufficient randomness within their range of values, they become predictable.
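As an added example that is not part of the original post, the following Python shows what insufficient randomness means in practice: a token drawn from a non-cryptographic PRNG seeded with a guessable value (such as a timestamp) can be reproduced by anyone who narrows down the seed, whereas a token from the OS CSPRNG via `secrets` cannot. The token size and the `audit_weak_token` check are assumptions for this illustration.

```python
import random
import secrets
from typing import Optional

TOKEN_BYTES = 32  # 256-bit tokens; an assumed size for this example

def weak_token(seed: int) -> str:
    """Token drawn from a non-cryptographic PRNG seeded with a guessable value
    such as a login timestamp. Same seed, same token."""
    rng = random.Random(seed)
    return rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, "big").hex()

def strong_token() -> str:
    """Token drawn from the OS CSPRNG through the secrets module."""
    return secrets.token_hex(TOKEN_BYTES)

def audit_weak_token(observed: str, suspected_seed: int, window: int) -> Optional[int]:
    """Audit check: if a token can be reproduced by trying seeds near a
    suspected value, its randomness is insufficient. Returns the seed found."""
    for seed in range(suspected_seed - window, suspected_seed + window + 1):
        if weak_token(seed) == observed:
            return seed
    return None

def token_entropy_bits(token_hex: str) -> int:
    """Nominal entropy of a token, assuming every byte came from a CSPRNG."""
    return len(bytes.fromhex(token_hex)) * 8
```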

What is "SQL injection"?

Answer: SQL injection is one of the most common attack techniques. Code is injected into SQL statements through a web page input, which can destroy your database and potentially expose all the data in it.

What do you understand by an SSL session and an SSL connection?

Answer: SSL, the Secure Sockets Layer, establishes a peer-to-peer connection between two parties; the connection is associated with an SSL session maintained by both ends.

An SSL session represents the security contract, that is, the agreed keys and algorithms, negotiated over a connection between an SSL client and an SSL server.

An SSL session is governed by the security protocols that control the negotiation of session parameters between the SSL client and the SSL server.

Name the two standard approaches used to protect a password file.

Answer: The two most widely applied approaches to password file protection are:

  • Hashed passwords with a salt value
  • Access control on the password file
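As an added example that is not part of the original post, the following Python implements the hashed-and-salted approach for a minimal in-memory password file: each record stores a fresh random salt and a PBKDF2-HMAC-SHA256 digest, never the plaintext, and verification recomputes the digest and compares it in constant time. The iteration count, salt size, record format and `PasswordFile` class are assumptions for this illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example: PBKDF2-HMAC-SHA256 with a 16-byte salt.
ITERATIONS = 100_000
SALT_BYTES = 16

def hash_password(password: str, salt: bytes = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # a fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)

class PasswordFile:
    """Minimal in-memory password file: one record per user, never the plaintext."""
    def __init__(self) -> None:
        self._records = {}

    def add_user(self, username: str, password: str) -> None:
        self._records[username] = hash_password(password)

    def check_login(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            # Do a dummy verification so unknown users take as long as known ones.
            verify_password(password, hash_password(""))
            return False
        return verify_password(password, record)

    def has_plaintext(self, password: str) -> bool:
        """Audit helper: does the plaintext appear in any stored record?"""
        return any(password in r for r in self._records.values())
```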

What is IPsec?

IPsec, also known as IP security, is an Internet Engineering Task Force (IETF) standard suite of protocols for securing communication between two parties across an IP network. It ensures data integrity, authentication and confidentiality, and produces authenticated, encrypted data packets.

What is the OSI model?

The OSI model, also known as the Open Systems Interconnection model, is a reference model that enables diverse communication systems to communicate using standard protocols. It was created by the International Organization for Standardization.

What is ISDN?

ISDN stands for Integrated Services Digital Network, a circuit-switched telephone network system. It also provides access to packet-switched networks, allowing digital transmission of voice along with data. Over this network, the quality of data and voice is much better than over an analogue phone line.

What is CHAP?

CHAP, the Challenge Handshake Authentication Protocol, is a Point-to-Point Protocol (PPP) authentication protocol used when a link is first started up. It also periodically re-verifies that the router is still communicating with the same host. CHAP was developed by the IETF (Internet Engineering Task Force).

What is USM, and what does it do?

USM stands for the User-based Security Model. It is used by the System Management Agent for encryption, decryption and authentication of SNMPv3 packets.

Mention some factors that can cause vulnerabilities.

Answer: The main areas that can give rise to vulnerabilities are:

  • Sensitive data exposure: if sensitive data or passwords are exposed to, or can be tracked by, an unauthorised user, the system becomes vulnerable.
  • Design flaws: any loophole in the system design can be targeted.
  • Complexity: complex applications have more areas that can become vulnerable.
  • Human error: one of the main sources of security vulnerabilities, through factors such as data leakage.

Mention the parameters that define an SSL session connection.

Answer: The attributes that define an SSL session connection are:

  • Server and client random
  • Server write MAC secret
  • Client write MAC secret
  • Server write key
  • Client write key
  • Initialization vectors
  • Sequence numbers

What is file enumeration?

Answer: It is a type of issue in which forceful browsing takes place by manipulating the URL: the unauthorised user exploits the URL parameters to get at sensitive data.

What are the advantages of an intrusion detection system?

Answer: Intrusion detection systems offer the following:

  • Network intrusion detection (NIDS)
  • Network node intrusion detection system (NNIDS)
  • Host intrusion detection systems (HIDS)

Base Level -3 || Basic|| Application security interview questions

What is a host intrusion detection system?

Host-based intrusion detection systems (HIDS) are applications that operate on information collected from an individual computer system. They run on the system itself, compare its current state with a previous mirror or snapshot, check whether any data has been modified or manipulated, and raise an alert based on the result.

They can also determine which processes and users are involved in malicious activity.

What is NNIDS?

NNIDS stands for Network Node Intrusion Detection System. It is like a NIDS, but it applies to only one host at a time rather than an entire subnet.

Mention three classes of intruder.

There are various intruder types, such as:

  • Masquerader: an unauthorised individual who defeats the system's access controls and gains access to an authenticated user's account.
  • Misfeasor: an authenticated user who is authorised to use the system's resources but misuses that access for other operations.
  • Clandestine user: an individual who takes control of the system in order to bypass its security controls.

Mention the components used in SSL.

SSL establishes secure connections between clients and servers. The components used in SSL are:

  • The SSL Record protocol
  • The Handshake protocol
  • The Change Cipher Spec protocol
  • Encryption algorithms

Disclaimer: This application security interview questions post is for educational purposes only. We do not promote or support any activity related to security issues or misconduct. The individual is solely responsible for any illegal act.

About Debarghya

I am Debarghya Roy, an Engineering Architect working with a Fortune 5 company and an open source contributor, with around 12 years of experience and expertise in various technology stacks.
I have worked with various technologies such as Java, C#, Python, Groovy, UI Automation (Selenium), Mobile Automation (Appium), API/Backend Automation, Performance Engineering (JMeter, Locust), Security Automation (MobSF, OWASP, Kali Linux, Astra, ZAP etc.), RPA, Process Engineering Automation, Mainframe Automation, Back End Development with Spring Boot, Kafka, Redis, RabbitMQ, ELK stack, GrayLog, Jenkins, and I also have experience in Cloud Technologies, DevOps etc.
I live in Bangalore, India with my wife and have a passion for blogging, music and playing guitar. My philosophy of life is Education for All, which gave birth to LambdaGeeks. Let's connect over LinkedIn: https://www.linkedin.com/in/debarghya-roy/
