Vulnerability Assessment and Penetration Testing (VAPT) is one of the most established domains of cyber security. As most businesses prefer having an online presence to reach a wider audience, they ultimately rely on websites that showcase their brand image. However, they often pay little attention to the reputational damage that follows if their website gets hacked or defaced. In the worst case, the business and its customers can even suffer financial losses when stored credentials are compromised.
VAPT is one of the most in-demand jobs in the field of cyber security today. Many tools and technologies have been developed to conduct VAPT.
A typical VAPT interviewer will not ask specific questions about how a particular tool works, but will be more interested in understanding the candidate's general problem-solving approach.
Following is a list of questions usually asked for VAPT interviews:
1. What is encoding and why is it used?
Encoding: the purpose of output encoding is to convert untrusted input into a safe form, especially where the input is displayed as data to the user and must not execute as code in the browser. Basically, encoding involves translating special characters into some equivalent that is no longer significant in the target interpreter.
Encoding is a common technique that helps protect against many types of attack, including injection attacks and Cross-site Scripting (XSS).
Examples (for an HTML context) are as follows:
" is replaced with &quot;
& is replaced with &amp;
< is replaced with &lt;
> is replaced with &gt;
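The following is an added example, not code from the original article, showing the HTML output encoding described above applied to a constructed comment string before it is placed in a page. The entity map and the `render_comment` helper are assumptions for the demonstration; the final assertion confirms the hand-written map agrees with the standard library's `html.escape`.

```python
# Added example (not from the original article): output encoding for the
# "untrusted data displayed to the user in the browser" context.
import html

# Characters that are significant to an HTML parser, mapped to entities the
# browser renders as literal text instead of interpreting as markup.
HTML_ENTITY_MAP = {
    "&": "&amp;",   # in a sequential-replace implementation this must go first;
    "<": "&lt;",    # a per-character map like this one avoids double encoding
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",  # also needed inside single-quoted attribute values
}

def encode_for_html(untrusted: str) -> str:
    """Translate every HTML-significant character into its entity equivalent."""
    return "".join(HTML_ENTITY_MAP.get(ch, ch) for ch in untrusted)

def render_comment(untrusted_comment: str) -> str:
    """Place the encoded value into an HTML body fragment (assumed template)."""
    return '<p class="comment">' + encode_for_html(untrusted_comment) + "</p>"

# Constructed sample input resembling a stored-XSS probe.
SAMPLE = '<script>alert("x")</script> & "quotes"'

if __name__ == "__main__":
    print(render_comment(SAMPLE))
    # The standard library produces the same result (quote=True encodes both quotes).
    assert encode_for_html(SAMPLE) == html.escape(SAMPLE, quote=True)
```

The rendered fragment contains no `<script>` element any more: the browser shows the literal text of the probe, which is exactly the "no longer significant in the target interpreter" property the answer describes. Note that this map is only correct for the HTML body and quoted attribute contexts; JavaScript strings, URLs and CSS each need their own encoder.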
2. What do you understand by an unvalidated URL redirect vulnerability? Why is it a concern?
Unvalidated redirects and forwards are possible when a web application accepts untrusted input that causes it to redirect the request to a URL contained within that input. By modifying the untrusted URL input to point at a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
External URLs should not be allowed in redirect parameters. If no validation is applied, a malicious user could craft a hyperlink that sends your users to an unvalidated malicious website.
3. How do we prevent SQL injection attacks?
Some ways of preventing SQL injection are as follows:
1. Use of Prepared Statements (with Parameterized Queries)
Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker. If an attacker were to enter the userID of tom' or '1'='1, the parameterized query would not be vulnerable and would instead look for a username which literally matched the entire string tom' or '1'='1.
2. Use of Stored Procedures
Stored procedures can be written to validate any input that is sent to them to ensure the integrity of the data, and parameters can be checked for valid ranges.
3. Escaping All User Supplied Input for any sensitive characters like ', =, -- (comment marker), etc.
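As an added example (not from the original article), the following runs the article's own probe string, `tom' or '1'='1`, against a constructed in-memory SQLite table twice: once through a query built by string concatenation and once through a parameterized query. The table, its two sample rows and the function names are assumptions for the demonstration.

```python
# Added example (not from the original article): vulnerable string-built query
# beside the parameterized (prepared statement) version, on constructed data.
import sqlite3

def make_db() -> sqlite3.Connection:
    """Create an in-memory table with two constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("tom", "tom@example.test"), ("alice", "alice@example.test")],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    """Untrusted input is pasted into the SQL text, so quotes in the input
    change the structure of the query (the 'before' side of the fix)."""
    sql = "SELECT username, email FROM users WHERE username = '" + user_id + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, user_id: str) -> list:
    """The query structure is fixed; the value is bound separately and can
    only ever be compared as a literal string."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (user_id,)).fetchall()

# The input from the article's explanation of prepared statements.
PROBE = "tom' or '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:   ", lookup_vulnerable(conn, PROBE))     # every row comes back
    print("parameterized:", lookup_parameterized(conn, PROBE))  # no row matches
```

In the concatenated version the executed statement becomes `... WHERE username = 'tom' or '1'='1'`, whose second clause is always true, so both users are returned. In the parameterized version the driver sends the query text and the value separately, and the database looks for a user whose name is literally the whole probe string, which does not exist.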
4. What do you prefer, blacklisting or whitelisting, and why?
A blacklist is a detailed list of what is not allowed.
A whitelist is a detailed list of what is allowed.
From a security standpoint, a whitelist is usually preferred: it allows only the known good and treats everything else as untrusted and bad.
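The following added example (not code from the original article) ties question 2 and question 4 together: it validates a redirect target first with a blacklist of known-bad hosts and then with a whitelist of known-good ones. The application host, the allowed and blocked host names and the function names are all constructed assumptions for the demonstration.

```python
# Added example (not from the original article): blacklist versus whitelist
# validation of a redirect parameter such as ?next=... on a login page.
from urllib.parse import urlsplit

APP_HOST = "app.example.test"                    # assumed: our own application
ALLOWED_HOSTS = {APP_HOST, "help.example.test"}  # assumed: known-good hosts
BLOCKED_HOSTS = {"evil.example.test"}            # assumed: what a blacklist author knew about

def blacklist_is_safe(target: str) -> bool:
    """Blacklist approach: rejects only hosts on the blocked list; anything the
    list author did not anticipate (new domains, odd schemes) passes."""
    host = urlsplit(target).hostname or ""
    return host not in BLOCKED_HOSTS

def whitelist_is_safe(target: str) -> bool:
    """Whitelist approach: accepts only local paths and http(s) URLs whose
    host is on the allowed list; everything else is untrusted."""
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative path on our own site. "//host" is scheme-relative and some
        # browsers treat "/\host" the same way, so both are refused.
        return target.startswith("/") and not target.startswith("//") and "\\" not in target
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, and other non-web schemes
    return (parts.hostname or "").lower() in ALLOWED_HOSTS

def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Return the target if it passes the whitelist, otherwise a safe default."""
    return target if whitelist_is_safe(target) else fallback

# Constructed inputs a tester would try against a redirect parameter.
SAMPLES = [
    "/account",
    "https://app.example.test/dashboard",
    "https://evil.example.test/login",
    "https://evil2.example.test/login",     # not on the blacklist
    "//evil.example.test/",                 # scheme-relative
    "/\\evil.example.test",                 # backslash variant
    "https://app.example.test@evil.example.test/",  # userinfo trick
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:48} blacklist={blacklist_is_safe(s)!s:5} whitelist={whitelist_is_safe(s)}")
```

Running the samples shows why the whitelist is preferred: the blacklist passes the unlisted host, the scheme-relative URL and the userinfo form because none of them name `evil.example.test` in the way the list expected, while the whitelist rejects everything that is not a local path or an allowed host. The fallback in `resolve_redirect` means a failed check degrades to the home page rather than to an error.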
5. What is Clickjacking?
“Clickjacking” (which is a subset of “UI redressing”) is a malicious technique that consists of deceiving a web user into interacting (in most cases by clicking) with something different to what the user believes they are interacting with.
This is a “client side” security issue that affects a variety of browsers and platforms.
To carry out this type of technique the attacker has to create a seemingly harmless web page that loads the target application through the use of an iframe.
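As an added example (not code from the original article), the following shows the defender's side of clickjacking: the response headers that forbid a page from being loaded in a third-party iframe, and a small checker a tester can run over captured response headers to flag pages that are still frameable. The header dictionaries are constructed samples and the function names are assumptions.

```python
# Added example (not from the original article): anti-framing response headers
# and a checker for captured response headers.
from typing import Dict

def add_framing_protection(headers: Dict[str, str], allow_self: bool = True) -> Dict[str, str]:
    """Return a copy of the response headers with anti-framing policy set.
    X-Frame-Options is the legacy control; CSP frame-ancestors is the current one."""
    protected = dict(headers)
    protected["X-Frame-Options"] = "SAMEORIGIN" if allow_self else "DENY"
    protected["Content-Security-Policy"] = (
        "frame-ancestors 'self'" if allow_self else "frame-ancestors 'none'"
    )
    return protected

def is_frameable_by_third_parties(headers: Dict[str, str]) -> bool:
    """True when nothing in the headers stops an arbitrary site from framing the page."""
    lowered = {k.lower(): v for k, v in headers.items()}
    # frame-ancestors takes precedence over X-Frame-Options when both are present.
    csp = lowered.get("content-security-policy", "")
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = {t.lower().strip("'") for t in tokens[1:]}
            # '*' or a bare scheme source lets any site frame the page;
            # 'self', 'none' or specific origins restrict it.
            return bool(sources & {"*", "https:", "http:"})
    xfo = lowered.get("x-frame-options", "").strip().upper()
    return xfo not in ("DENY", "SAMEORIGIN")

# Constructed sample: a response with no framing policy at all.
UNPROTECTED = {"Content-Type": "text/html; charset=utf-8"}

if __name__ == "__main__":
    print("before:", is_frameable_by_third_parties(UNPROTECTED))                        # True
    print("after: ", is_frameable_by_third_parties(add_framing_protection(UNPROTECTED)))  # False
```

With either `X-Frame-Options: DENY`/`SAMEORIGIN` or a restrictive `frame-ancestors`, the attacker's seemingly harmless page can no longer load the target application in an iframe, so the overlaid click never reaches it. The checker treats a wildcard or bare-scheme `frame-ancestors` as no protection, which is the case a quick header scan most often misses.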
Tip: Go through OWASP Top Ten Vulnerabilities, their impact and countermeasures. Learn at least one practical example of each and you will get through with flying colors!!!