Vulnerability Assessment and Penetration Testing (VAPT) is one of the most established domains of cyber security. As most businesses prefer having an online presence to cater to a greater audience, they ultimately rely on websites showcasing their brand image. However, they don’t pay attention to the potential damage to their reputation in case their website gets hacked or defaced. In the worst case, the business and its customers can even face financial losses due to the compromise of stored credentials.
VAPT is one of the most in-demand jobs in the field of cyber security today. Many tools and technologies have been developed to conduct VAPT.
A typical VAPT interviewer will not ask specific questions about how any particular tool works, but will be more interested in understanding the candidate's general problem-solving approach.
Following is a list of questions frequently asked in VAPT interviews:
1. Please explain cross site scripting.
In Cross-Site Scripting (XSS) attacks, malicious scripts are injected into other websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to the end user. If successful, the attacker may gain access to users' cookies, session IDs, passwords, private messages, etc.
2. What are the types of cross site scripting?
There are three major types of XSS attacks:
Persistent / Stored XSS
The malicious user input is stored on the target server, such as in a database, in a message forum, visitor log, comment field, etc. and is reflected every time the page is visited by any user.
Reflected XSS
The malicious user input originates from the victim’s request and is immediately returned by a web application in an error message, search result, or any other response that includes some or all of the input provided by the user as part of the request, without that data being made safe to render in the browser, and without permanently storing the user-provided data.
This input will not be reflected when the same web page is displayed to a different user.
3. Is cross site scripting attack browser based or server based?
Cross site scripting is a client-side, browser-based attack, as the script executes in the client's browser.
4. What will you do as a developer to correct an existing cross site scripting vulnerability in your code reported by the application security auditors?
As developers, we should examine the code of the page where the vulnerability resides and rectify the flaw by putting proper input validation in place to prevent any scripts from executing. If it has been reported as a persistent XSS, we should also vet the database entries for any malicious scripts already stored there.
5. Explain CSRF
Cross-Site Request Forgery (CSRF) attacks take advantage of a website's trust in an authenticated user session. As an example, consider an application with a logged-on user: an attacker tricks the user into submitting an HTTP request on the attacker’s behalf, which the application believes to be from the user. The success of CSRF relies on the fact that, once a user is authenticated, websites typically don’t verify that a request came from an authorized user. Instead they verify only that the request came from the browser of an authorized user.
6. What is the prevention used for CSRF?
Common techniques for preventing CSRF attacks are:
1. Check CSRF Token
2. Verify the requests are coming from same origin
Tip: Go through OWASP Top Ten Vulnerabilities, their impact and countermeasures. Learn at least one practical example of each and you will get through with flying colors!!!