Security Testing Interview Questions and Answers

• Security testing is a technique intended to reveal flaws in the security mechanisms of an information system that protect records and maintain functionality as intended.

• Security testing is the most important kind of testing for any application. In this kind of testing, tester performs a vital function of an attacker and play round the machine to discover security related bugs.

Security testing is one of the most important types of testing and its objective is to find bugs or vulnerabilities of the software or any computer or web-based application. It is being done to shield the records from an unexpected attack or intruder.

Many applications contain confidential data that can also require protection. It need to be finished periodically in order to identify the threats so that an immediately motion can be taken if an attack is being done.

• Security is set of measures to protect an application against unforeseen actions that cause it to stop functioning or being exploited.

• Unforeseen actions can be either intentional or unintentional.

The Vulnerability can be described as weak spot of any machine through which intruders or bugs can attack on the system.
If security testing has not been carried out carefully on the gadget then probabilities of vulnerabilities get increase. Time to time patches or fixes requires stopping a machine from the vulnerabilities.

Intrusion detection system basically detects the possibility of an attack,It collects the data from a number of sources, analyzes the data and finds out all possible ways to attack the system. It checks for the following:

• Attack possibility.
• Abnormal Activity Detection.
• System Data Auditing.
• Data Collection Analysis.

A fault in a software which motives the software to operate in an unintended or unanticipated manner.

• SQL Injection is one of the frequent attacking techniques used by hackers to get the critical data.

• Hackers check for any loop gap in the machine through which they can ignore SQL queries which by using handed the security checks and return back the critical data. This is known as SQL injection. It can allow hackers to steal the critical records or even crash a system.

• SQL injections are very critical and needs to be avoided. Periodic security testing can prevent these kind of attacks. SQL database security wishes to be define correctly and input bins and exceptional characters need to be handled properly

Following attributes are considered for security testing:

• Authentication
• Confidentiality
• Authorization
• Integrity
• Availability
• Resilience
• Non-repudiation

There are four main focus areas to be considered in security testing (Especially for web sites/applications):
• Network security: This involves looking for vulnerabilities in the network infrastructure (resources and policies).
• System software security: This involves assessing weaknesses in the various software (operating system, database system, and other software) the application depends on.
• Client-side application security: This deals with ensuring that the client (browser or any such tool) cannot be manipulated.
• Server-side application security: This involves making sure that the server code and its technologies are robust enough to fend off any intrusion.

• Cross-site scripting is the kind of vulnerability that is used via hackers to attack web applications.

• Through this, the hackers inject HTML and JAVASCRIPT code into web pages via that hackers steal the confidential information from the internet page cookies that is ultimately returned to the hackers.

• One must try to stop this method while designing the web application.

Penetration testing is on the security testing which helps in identify vulnerabilities in a system.Penetration test is an attempt to evaluate the security of a system by manual or automated techniques and if any vulnerability found, testers uses that vulnerability to get deeper access to the system and find more vulnerabilities.

The main purpose of this testing to prevent a system from any possible attacks.

Penetration testing can be done by two ways .

• White Box testing

• Black box testing.

In white box testing, all the information is available with the testers whereas in black box testing, testers don’t have any information and they test the system in real world scenario to find out the vulnerabilities.

Linux has some commands that Windows does not, but Windows is no longer open supply and does now not suffer from current hacks such as Heartbleed.

Two common techniques to protect a password file are- hashed passwords and a salt value or password file access control.

Due to following reasons Penetration testing must be used by the testers:

• As threats and attacks can be done at any time, so loopholes and the security breaches can be much costly. Hackers cannot only steal the information but also crash the system.
• As hackers adopt new ways of hacking every day, so sometimes it may be difficult to protect the information all the time. So testers must perform the testing period to detect and prevent the attack.
• Penetration testing protects the system from the above-mentioned attacks and helps the organizations to keep data safe.

Abbreviations related to software security are:

1. IPsec: Internet Protocol Security is a suite of protocols for securing Internet
2. OSI: Open Systems Interconnection
3. ISDN: Integrated Services Digital Network
4. GOSIP: Government Open Systems Interconnection Profile
5. FTP: File Transfer Protocol
6. DBA: Dynamic Bandwidth Allocation
7. DDS: Digital Data System
8. DES: Data -Encryption Standard
9. CHAP: Challenge Handshake Authentication Protocol
10. BONDING: Bandwidth On Demand Interoperability Group
11. SSH: The Secure Shell
12. COPS: Common Open Policy Service
13. ISAKMP: Internet Security Association and Key Management Protocol
14. USM: User-based Security Model
15. TLS: The Transport Layer Security

You can use PGP to encrypt email messages or some other form of a public private key pair system where only the sender and the recipient can read the messages.

ISO/IEC 17799 is at the start posted in UK and defines excellent practices for Information Security Management. It has guidelines for all organizations small or big for Information security.

Testing can be of following types:

• White Box: In this type of testing all information is provided to the testers.
• Black Box Testing: In this type of testing, no information is provided to the testers and they test the application in the real-world scenario.
• Grey Box Testing: Partial information is provided to the testers rest they have their own information.

The seven main types of security testing as per Open Source Security Testing methodology manual are:

1. Vulnerability Scanning: Automated software scans a system against known vulnerabilities.
2. Security Scanning: Manual or automated technique to identify network and system weaknesses.
3. Penetration Testing: Penetration testing is on the security testing which helps in identifying vulnerabilities in a system.
4. Risk Assessment: It involves analysis of possible risk in the system. Risks are classified as Low, Medium and High.
5. Security Auditing: Complete inspection of systems and applications to detect vulnerabilities.
6. Ethical Hacking: Hacking done on a system to detect flaws in it rather than personal benefits.
7. Posture Assessment: This combines Security scanning, Ethical Hacking and Risk Assessments to show an overall security posture of an organisation.

SOAP – Simple Object Access Protocol that is an XML based protocol that is used to exchange information over HTTP. Web services sent XML request in SOAP format and then SOAP client sends a message to the server. The server then responds back with a SOAP message.

WSDL or Web Services Description Language is an XML formatted language that is used by UDDI. It describes the web services and the way in which they can be used and accessed.

The parameters that define an SSL session connection are:

1. Server and client random
2. Server write MACsecret
3. Client write MACsecret
4. Server write key
5. Client write key
6. Initialization vectors
7. Sequence numbers

This variety of attack makes use of the forceful looking with the URL manipulation attack. Hackers can manipulate the parameters in url string and can get the critical data which generally no longer open for public such as executed data, historic version or data which is under improvement

There are three benefits of an intrusion detection system.

1. NIDS or Network Intrusion Detection.
2. NNIDS or Network Node Intrusion detection system.
3. HIDS or Host Intrusion Detection System.

HIDS or Host Intrusion Detection system is a system in which snapshot of the existing system is taken and compares with the previous snap shot. It checks if critical files were modified or deleted, then an alert is generated and sent to the administrator.

Following are the participants:

1. Cardholder
2. Merchant
3. Issuer
4. Acquire
5. Payment Gateway
6. Certification Authority

URL manipulation is a kind of attack in which hackers manipulate the website URL to
get the fundamental information. The data is exceeded in the parameters in
the query string by means of HTTP GET method between client and server. Hackers can
alter the information between these parameters and get the authentication on
the servers and steal the critical data.

In order to avoid this sort of attacks security testing of URL manipulation need to be done. Testers themselves can try to manipulate the URL and check for possible attacks and if discovered they can prevent these types of attacks.

Following are the three classes of intruders:

1. Masquerader: It can be defined as an individual who is not authorized on the computer but hack the system’s access control and get the access of authenticated user’s account.
2. Misfeasor: In this case, user is authenticated to use the system resources but he miss uses his access on the system.
3. Clandestine User: It can be defined as an individual who hacks the control system of the system and bypasses the system security system.

Secure Sockets Layer protocol or SSL is used to make secure connection between client and computers.

Below are the component used in SSL:

1. SSL Recorded protocol.
2. Handshake protocol.
3. Change Cipher Spec.
4. Encryption algorithms.

Ports are the point from where information goes in and out of any system. Scanning of the ports to find out any loop holes in the system are known as Port Scanning. There can be some weak points in the system to which hackers can attack and get the critical information. These points should be identified and prevented from any misuse.

Following are the types of port scans:

1. Strobe: Scanning of known services.
2. UDP: Scanning of open UDP ports
3. Vanilla: In this scanning, the scanner attempts to connect to all 65,535 ports.
4. Sweep: The scanner connects to the same port on more than one machine.
5. Fragmented Packets: The scanner sends packet fragments that get through simple packet filters in a firewall.
6. Stealth Scan: The scanner blocks the scanned computer from recording the port scan activities.
7. FTP bounce: The scanner goes through an FTP server in order to disguise the source of the scan.

Cookie is a piece of information received from web server and stored in a web browser which can be read anytime later. Cookie can contain password information, some auto fill information and if any hackers get these details it can be dangerous.

Types of Cookies are:

• Session Cookies: These cookies are temporary and last in that session only.
• Persistent Cookies: These cookies stored on the hard disk drive and last till its expiry or manually removal of it.

• Honeypot is fake computer system which behaves like a real system and attracts hackers to attack on it.

• Honeypot is used to find out loop holes in the system and to provide solution for these kinds of attacks.

The parameters that define an SSL session state are:

1. Session identifier.
2. Peer certificate.
3. Compression method.
4. Cipher spec.
5. Master secret.
6. Is resumable.

• Network Intrusion Detection system generally known as NIDS.

• It is used for analysis of the passing traffic on the entire sub-net and to match with the known attacks.

• If any loop hole identified, then administrator receives an alert.

The time investment for a penetration test varies from case to case depending on the systems to be tested and the individual test requirements. Usually, the time needed ranges from a few days to several weeks. One goal of the preliminary meeting is to get enough information about the systems to be tested to estimate the optimal length for the penetration test.

Human resources on the customer’s side are usually only marginally bound. Most notably, a contact person for questions during the exploitation phase is required.

The type and amount of information needed varies with the kind of penetration test that is to be conducted. The two concepts mentioned most often are blackbox and whitebox tests. Unfortunately, those terms are not defined by a standard and can therefore mean different things, depending on who you talk to.

Red Team Penetration Testing usually recommends a whitebox test. Penetration tests performed as complete blackbox tests always suffer from the fact that third parties might get involved without their explicit consent. Providing technical information in a whitebox test scenario before the test starts also allows the penetration testers to detect security vulnerabilities that are of importance to your company even faster and more efficiently.

It should always be acted on the assumption that real, serious attackers are able to obtain the necessary information prior to their attacks, or can procure it in time. A precise determination about what information is necessary to conduct an efficient test is done individually for every client during a preliminary meeting. 

Denial-of-service (DoS) attacks are usually only examined if it seems to be possible to put a system’s availability at risk with very small effort. This can for example be a misconfiguration or a program error (say, if a system crashes when it gets sent an overly long request). Attacks like this will only be performed after an explicit agreement is provided, to verify if the attack is indeed possible.

On the other hand, attacks that try to saturate the bandwidth a company has at its disposal are usually not tested, as this is always possible for attackers with sufficient resources and will also affect third-party systems. Distributed denial-of-service attacks, that usually involve hundreds, if not thousands, of zombie systems (systems that were compromised and can now be remotely controlled) cannot be simulated realistically. 

A penetration test, also referred to as “pentest”, is a method of evaluating the security of a computer system or network by using simulating an attack from malicious outsiders (without any authorized means of accessing the company’s networks) but also malicious insiders (who have some level of authorized access).

The technique involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, recognized and unknown hardware or software flaws, or operational weaknesses.

The analysis is carried out from the position of a achievable hacker and can involve active exploitation of security vulnerabilities.

If you have your own IT department implemented in your security system, it is to your advantage to let an impartial third party do the audit. We provide an outsiders view on how easy/difficult it is to compromise your integrity. Having an audit report from a third party, outlining all confirmed security vulnerabilities on the network provides invaluable information to any network administrator.

The service is fast, and you will have the advantage of continually knowing how secure your network is and what you can do to improve it.

Yes we can check any and as many IP addresses as your desires provided they belong to you. We will not test any third party IP address.