Technical Interview Flashcards

1
Q

Hypertext Transfer Protocol (HTTP) Requests

A
  • Follows the client/server (request/response) model: structures requests and responses over the Internet.
  • HTTP is a stateless protocol: each transaction is independent, like flipping a coin. Web applications still track your state by means of cookies and sessions.
  • Application-layer protocol. HTTP uses Transmission Control Protocol (TCP); TCP defines how data is transmitted.
  • Requests specify client actions or methods: GET, POST, DELETE, etc.
  • Responses carry server status codes.
2
Q

GET (HTTP Request)

A

Retrieves data.

3
Q

POST (HTTP Request)

A

Creates a new object, i.e. creates something new. Example: adds a new item to your shopping cart.

4
Q

HTTP Proxy

A
  • HTTP proxy is an application that runs between the browser and the server, allowing you to intercept, view, and modify HTTP requests and responses.
  • Proxy means to act on behalf of another.
5
Q

URL

A
  • Stands for Uniform Resource Locator = Web Address.
6
Q

Scheme (URL Structure)

A

Indicates the protocol that the browser must use to request the resource (a protocol is a set method for exchanging or transferring data around a computer network). For websites, the protocol is usually HTTPS or HTTP (its unsecured version).

7
Q

Authority (URL Structure)

A

Separated from the scheme by the character pattern :// . If present, the authority includes both the domain (e.g. www.example.com) and the port (80), separated by a colon:

  • The domain indicates which web server is being requested.
  • The port indicates the technical “gate” used to access the resources on the web server. It is usually omitted if the web server uses the standard ports of the HTTP protocol (80 for HTTP and 443 for HTTPS) to grant access to its resources. Otherwise it is mandatory.
8
Q

Path to Resource (URL Structure)

A

The path refers to the exact location of a page, post, file, or resource on the Web server.

9
Q

Anchor (URL Structure)

A

An anchor represents a sort of “bookmark” inside the resource, giving the browser the directions to show the content located at that “bookmarked” spot.

10
Q

100-199 (HTTP Response Codes)

A
  • Informational responses

The request was received, continuing to process.

11
Q

200-299 (HTTP Response Codes)

A
  • Successful responses
    The request has succeeded. The meaning of the success depends on the HTTP method:
  • GET: The resource has been fetched and is transmitted in the message body.
  • HEAD: The entity headers are in the message body.
  • PUT or POST: The resource describing the result of the action is transmitted in the message body.
  • TRACE: The message body contains the request message as received by the server.
12
Q

300-399 (HTTP Response Codes)

A
  • Redirects

Further action needs to be taken in order to complete the request.

13
Q

400-499 (HTTP Response Codes)

A
  • Client error

The request contains bad syntax or cannot be fulfilled.

14
Q

500-599 (HTTP Response Codes)

A
  • Server errors

The server failed to fulfill an apparently valid request.

15
Q

Regular Expressions

A
  • Regular expressions are used to find patterns within text.
  • Common Uses of Regular Expressions:
    1. Validate text
    2. Search through text
16
Q

HTML

A
  • Stands for Hypertext Markup Language.
  • Code used to structure a web page and its content.
  • Consists of a series of elements (tags), which you use to enclose, or wrap, different parts of the content to make it appear a certain way or act a certain way.
17
Q

Opening Tag (HTML)

A

This consists of the name of the element wrapped in opening and closing angle brackets. This states where the element begins or starts to take effect.

18
Q

Closing Tag (HTML)

A

This is the same as the opening tag, except that it includes a forward slash before the element name. This states where the element ends.

19
Q

Content (HTML)

A

This is the content of the element.

20
Q

Element (HTML)

A

The opening tag, the closing tag, and the content together comprise the element.

21
Q

Attributes (HTML)

A

Attributes contain extra information about the element that you do not want to appear in the actual content.

22
Q

Nesting Elements (HTML)

A

Elements within other elements.

23
Q

Empty Elements (HTML)

A

Some elements have no content and are called empty elements.

24
Q

Open Web Application Security Project (OWASP) - Injection

A
  • Broad class of vulnerabilities: SQL, NoSQL, OS, and LDAP injection.
  • Injection happens when untrusted data is sent to an interpreter as a part of a command or a query. The attacker can trick the interpreter into performing unintended actions or accessing data without proper authorization.
  • An interpreter translates a program one statement at a time into machine code or machine language instructions.
  • A query is a request for data results or for action on data.
    https://thehackerish.com/owasp-top-10-vulnerabilities-injection-explained/
25
Q

Open Web Application Security Project (OWASP) - Broken Authentication

A
  • Vulnerabilities that attackers exploit to impersonate legitimate users online.
  • Weaknesses are seen in the following:
    - session management (i.e., hijacked session IDs).
    - credential management (i.e., stolen login credentials).
  • Session is a sequence of network transactions associated to the same user within a period of time.
  • Session management concerns how you define the parameters of that session.
  • Web applications can track sessions before and after authentication.
    https://auth0.com/blog/what-is-broken-authentication/
26
Q

Open Web Application Security Project (OWASP) - Sensitive Data Exposure

A
  • A security threat that occurs when the web application does not adequately protect sensitive information, such as session tokens, passwords, banking information, location, health data, etc., whose leak can be critical for the user.
    https://deepsource.io/blog/owasp-top-ten-sensitive-data-exposure/
27
Q

Open Web Application Security Project (OWASP) - XML External Entities (XXE)

A

XML External Entities (XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. XML (eXtensible Markup Language) is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

28
Q

Open Web Application Security Project (OWASP) - Broken Access Control

A
  • When a user can access some resource or perform some action that they are not supposed to be able to access or perform.
    https://portswigger.net/web-security/access-control
29
Q

Open Web Application Security Project (OWASP) - Security Misconfiguration

A
  • Security misconfiguration happens when a server or web application does not implement all of the security controls, or when security controls are configured incorrectly.
    https://www.guardicore.com/2019/03/understanding-and-avoiding-security-misconfiguration/
30
Q

Open Web Application Security Project (OWASP) - Insecure Deserialization

A

Insecure deserialization is a vulnerability in which untrusted or unknown data is used to inflict a denial-of-service attack, execute code, bypass authentication, or further abuse the logic behind an application.

Serialization is the process that converts an object to a format that can later be restored.

https://searchsecurity.techtarget.com/definition/insecure-deserialization

31
Q

Open Web Application Security Project (OWASP) - Using Components with Known Vulnerabilities

A

Hackers identify a weak component in the system by scanning the system with automated tools or by analyzing the components manually.

Keeping the components and libraries updated with the latest patches, and upgrading as soon as the newest version becomes available, significantly reduces the number of known vulnerabilities that put the application at risk. However, it is becoming more common for developers to be unaware of all the components their applications are actually using, which makes it impossible to address all the vulnerabilities.

https://www.kiuwan.com/owasp-top-10-2017-a9-using-components-with-known-vulnerabilities/

32
Q

Open Web Application Security Project (OWASP) - Insufficient Logging & Monitoring

A

An insufficient logging and monitoring vulnerability occurs when security-critical events are not logged properly and the system is not monitored.

https://www.vistainfosec.com/blog/what-is-insufficient-logging-monitoring-and-how-can-it-be-prevented/

33
Q

Open Web Application Security Project (OWASP) - Cross-Site Scripting (XSS)

A

What is the core problem/root cause of the class of attack or weakness?
Cross-site scripting is an attack that traps a web application and directs web application users to a fake web application to plant a computer virus or steal login information.

https://www.wafcharm.com/en/blog/owasp-top-10-for-beginners/

XSS is a client-side code injection attack: whenever an application inserts input from a user into the output it generates without validating or encoding it, it gives an attacker the opportunity to send malicious code to a different end user.

How is the class of issue attacked/exploited?
Cross-Site Scripting (XSS) attacks take these opportunities to inject malicious scripts into trusted websites. The scripts are ultimately sent to other users of the application, who become the attacker’s victims.

The victim’s browser will execute the malicious script without knowing it should not be trusted. Therefore, the browser will let it access session tokens, cookies (cookies help us log in automatically), or sensitive information stored by the browser. If properly programmed, the scripts could even rewrite the contents of an HTML file.

In stored XSS attacks, the malicious script resides permanently on the target server: in a message forum, in a database, in a visitor log, etc. The victim gets it when their browser requests the stored information. In reflected XSS attacks, the malicious script is reflected in a response that includes the input sent to the server. This could be an error message or a search result, for example.

How is the class of issue remediated?
Treat all user input as a potential security risk: sanitize input.
34
Q

Open Web Application Security Project (OWASP) - Structured Query Language (SQL) Injection

A

What is the core problem/root cause of the class of attack or weakness?
SQL injection errors occur when:

  • Data enters a program from an untrusted source.
  • The data is used to dynamically construct a SQL query.

SQL is the standard and most widely used programming language for relational databases. Relational databases are databases that store and provide access to data points that are related to one another.

https://owasp.org/www-community/attacks/SQL_Injection

Like code injection, this attack inserts a Structured Query Language (SQL) script into a text input field; SQL is the language used by most databases to perform query operations. The script is sent to the application, which executes it directly on its database.

How is the class of issue attacked/exploited?
As a result, the attacker could pass through a login screen or do more dangerous things, like read sensitive data directly from the database, modify or destroy database data, or execute admin operations on the database.

How is the class of issue remediated?
Validate input and set query parameters: sanitize input.
35
Q

Crawling

A
  • Website crawling is indexing the content of websites so they can be searched. The crawler analyzes the content of a page, looking for links to the next pages to fetch and index.

Crawl Types
  • Site crawls are an attempt to crawl an entire site at one time, starting with the home page. The crawler grabs links from that page to continue crawling to other content of the site. This is often called “spidering”.
  • Page crawls are an attempt by a crawler to crawl a single page or blog post.
36
Q

Intercepting HTTP Proxy (Burp Suite)

A
  • Web vulnerability scanner through passive and active analysis.
  • Used to test for the whole Open Web Application Security Project (OWASP)

Manual Penetration Testing Features of Burp Suite
  • Intercept everything your browser sees
    A powerful proxy/history lets you modify all HTTP(S) communications passing through your browser.
  • Break HTTPS effectively
    Proxy even secure HTTPS traffic. Installing your unique Certification Authority certificate removes associated browser security warnings.
  • Quickly assess your target
    Determine the size of the target application.

Automated Scanning For Vulnerabilities of Burp Suite
  • Fine-tune scan control
    Get fine-grained control, with a user-driven scanning methodology. Or, run “point-and-click” scans.
  • Navigate difficult applications
    Crawl more complex targets. Burp Suite’s crawler identifies location based on content, not just the URL.
  • Configure scan behavior
    Customize what you audit, and how.
37
Q

Intercepting HTTP Proxy (ZAP)

A
  • Zed Attack Proxy (ZAP): used to test for the whole Open Web Application Security Project (OWASP).
  • Security testing.
  • World’s most widely used web app scanner - free and open source (managed by volunteers).
38
Q

JavaScript Popup Boxes

A
  • Alert Box
    Used when a warning message needs to be shown. When the alert box is displayed, the user must press OK to proceed.
  • Confirm Box
    A type of popup box used to get authorization or permission from the user. The user has to press the OK or Cancel button to proceed.
  • Prompt Box
    A type of popup box used to get user input for further use. After entering the required details, the user has to click OK to proceed to the next stage. If the user presses the Cancel button, a null value is returned.
39
Q

Open Web Application Security Project (OWASP)

A
  • Nonprofit foundation that works to improve the security of software.
  • OWASP releases a Top 10, which lists the 10 most critical security concerns for web applications.