Top 25 Security Testing Interview Questions You Must Prepare 19.Mar.2024

The seven main types of security testing, according to the Open Source Security Testing Methodology Manual (OSSTMM), are:

Vulnerability Scanning: Automated software scans a system against a database of known vulnerabilities.

Security Scanning: Manual or automated technique to identify network and system weaknesses.

Penetration Testing: A simulated attack on a system that helps in identifying the vulnerabilities an attacker could exploit.

Risk Assessment: Analysis of the possible risks in the system. Risks are classified as Low, Medium and High.

Security Auditing: Complete inspection of systems and applications to detect vulnerabilities.

Ethical Hacking: Hacking done on a system to detect flaws in it, rather than for personal benefit.

Posture Assessment: Combines security scanning, ethical hacking and risk assessment to show the overall security posture of an organization.

The parameters that define an SSL session connection are:

  • Server and client random
  • Server write MAC secret
  • Client write MAC secret
  • Server write key
  • Client write key
  • Initialization vectors
  • Sequence numbers

SOAP, or Simple Object Access Protocol, is an XML-based protocol through which applications exchange information over HTTP. Web service requests are sent as XML in SOAP format: a SOAP client sends a SOAP message to the server, and the server responds with a SOAP message carrying the result of the requested service.

Web Services Description Language (WSDL) is an XML-formatted language used together with UDDI. “Web Services Description Language describes Web services and how to access them”.

An SSL (Secure Sockets Layer) connection is a transient peer-to-peer communications link, where each connection is associated with one SSL session.

An SSL session can be defined as an association between client and server, generally created by the handshake protocol. It defines a set of security parameters which may be shared by multiple SSL connections.

Intrusion detection is a system which helps in determining possible attacks and dealing with them. Intrusion detection includes collecting information from many systems and sources, analysing that information and finding out the possible ways the system could be attacked.

Intrusion detection checks the following:

  • Possible attacks
  • Any abnormal activity
  • Auditing the system data
  • Analysis of the different collected data

Following are the participants in a Secure Electronic Transaction (SET):

  • Cardholder
  • Merchant
  • Issuer
  • Acquirer
  • Payment gateway
  • Certification authority

Security testing can be considered the most important of all types of software testing. Its main objective is to find vulnerabilities in any software (web or network based) application and to protect its data from possible attacks or intruders.

Many applications contain confidential data that needs to be protected from being leaked. Security testing needs to be done periodically on such applications to identify threats and to take immediate action on them.

Ports are the points through which information goes in and out of a system. Scanning the ports to find loopholes in the system is known as port scanning. There can be weak points in the system which hackers can attack to get critical information; these points should be identified and prevented from any misuse.

Following are the types of port scans:

  1. Strobe: Scanning of known services only.
  2. UDP: Scanning of open UDP ports.
  3. Vanilla: The scanner attempts to connect to all 65,535 ports.
  4. Sweep: The scanner connects to the same port on more than one machine.
  5. Fragmented packets: The scanner sends packet fragments that get through simple packet filters in a firewall.
  6. Stealth scan: The scanner blocks the scanned computer from recording the port scan activities.
  7. FTP bounce: The scanner goes through an FTP server in order to disguise the source of the scan.
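A defender sees these scan types as patterns in connection logs. The following added example (not from the original page) classifies the sources in a constructed set of connection attempts as a vanilla scan (many ports on one host), a sweep (one port on many hosts) or normal traffic; the record format and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed connection-attempt records (source, destination, dst_port),
# as they might be parsed from firewall logs. Format is an assumption.
SAMPLE_ATTEMPTS = (
    [("203.0.113.5", "10.0.0.7", p) for p in range(1, 1025)]       # many ports, one host
    + [("203.0.113.9", f"10.0.0.{h}", 22) for h in range(1, 60)]   # one port, many hosts
    + [("198.51.100.2", "10.0.0.7", 80), ("198.51.100.2", "10.0.0.7", 443)]  # normal client
)

def classify_sources(attempts, port_threshold=100, host_threshold=20):
    """Return {source: label}: 'vanilla' when one source hits at least
    port_threshold distinct ports on a single host, 'sweep' when it hits the
    same port on at least host_threshold distinct hosts, else 'normal'."""
    ports_per_host = defaultdict(lambda: defaultdict(set))  # src -> dst -> {ports}
    hosts_per_port = defaultdict(lambda: defaultdict(set))  # src -> port -> {dsts}
    for src, dst, port in attempts:
        ports_per_host[src][dst].add(port)
        hosts_per_port[src][port].add(dst)
    verdict = {}
    for src in ports_per_host:
        max_ports = max(len(ports) for ports in ports_per_host[src].values())
        max_hosts = max(len(hosts) for hosts in hosts_per_port[src].values())
        if max_ports >= port_threshold:
            verdict[src] = "vanilla"
        elif max_hosts >= host_threshold:
            verdict[src] = "sweep"
        else:
            verdict[src] = "normal"
    return verdict

if __name__ == "__main__":
    for src, label in classify_sources(SAMPLE_ATTEMPTS).items():
        print(f"{src}: {label}")
```

Strobe scans (a handful of well-known ports across many hosts) would need a separate threshold on the set of ports touched per host, which this block leaves out.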

Factors causing vulnerabilities are:

  1. Design flaws – Loopholes in the system design that allow hackers to attack the system easily.
  2. Passwords – If passwords are known to hackers they can get at the information very easily. A password policy should be followed rigorously to minimize the risk of password theft.
  3. Complexity – Complex software opens the door to vulnerabilities.
  4. Human error – Human error is a significant source of security vulnerabilities.
  5. Management – Poor management of data can lead to vulnerabilities in the system.

XSS, or cross-site scripting, is a type of vulnerability that hackers use to attack web applications.

It allows hackers to inject HTML or JavaScript code into a web page, which can steal confidential information from the cookies and return it to the hackers. It is one of the most critical and common techniques and needs to be prevented.

This kind of attack uses forceful browsing together with URL manipulation. Hackers can manipulate the parameters in the URL string and get at critical data which is generally not open to the public, such as archived data, old versions, or data which is still under development.
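The root cause of XSS is untrusted input written into HTML without escaping. This added example (not from the original page) shows a reflected rendering function with the bug beside its escaped form, plus a session cookie marked HttpOnly so that script cannot read it; the function names and the `sessionid` cookie name are assumptions.

```python
import html

# Constructed untrusted input, as an attacker might submit in a form field.
UNTRUSTED = "<script>alert('xss')</script>"

def render_greeting_vulnerable(name):
    """Reflects the parameter into HTML unescaped: the classic reflected XSS bug."""
    return f"<p>Hello, {name}!</p>"

def render_greeting_safe(name):
    """Escapes &, <, > and both quote characters, so the browser renders the
    input as text instead of executing it as markup."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"

def contains_active_markup(page):
    """Cheap check: does the rendered output still contain a live <script> tag?"""
    return "<script" in page.lower()

def session_cookie_header(session_id):
    """Set-Cookie header for the session. HttpOnly hides the cookie from
    document.cookie, Secure restricts it to TLS, SameSite=Lax limits
    cross-site sending: together they reduce what an injected script can steal."""
    return f"Set-Cookie: sessionid={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"

if __name__ == "__main__":
    print(render_greeting_vulnerable(UNTRUSTED))  # script tag survives intact
    print(render_greeting_safe(UNTRUSTED))        # script tag rendered as inert text
    print(session_cookie_header("EXAMPLE-SESSION-ID"))
```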

Abbreviations related to software security are:

  1. IPsec – Internet Protocol Security, a suite of protocols for securing Internet communications
  2. OSI – Open Systems Interconnection
  3. ISDN – Integrated Services Digital Network
  4. GOSIP – Government Open Systems Interconnection Profile
  5. FTP – File Transfer Protocol
  6. DBA – Dynamic Bandwidth Allocation
  7. DDS – Digital Data System
  8. DES – Data Encryption Standard
  9. CHAP – Challenge Handshake Authentication Protocol
  10. BONDING – Bandwidth On Demand Interoperability Group
  11. SSH – Secure Shell
  12. COPS – Common Open Policy Service
  13. ISAKMP – Internet Security Association and Key Management Protocol
  14. USM – User-based Security Model
  15. TLS – Transport Layer Security

Methodologies in security testing are:

White Box – All information about the system is provided to the testers.

Black Box – No information is provided to the testers, so they test the system as in a real-world scenario.

Grey Box – Partial information is provided to the testers and they have to discover the rest on their own.

ISO/IEC 17799 was originally published in the UK and defines best practices for information security management. It provides information security guidelines for all organizations, small or large.

The parameters that define an SSL session state are:

  1. Session identifier
  2. Peer certificate
  3. Compression method
  4. Cipher spec
  5. Master secret
  6. Is resumable

Two common techniques to protect a password file are hashed passwords combined with a salt value, and password file access control.
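Both techniques together, as an added example that is not part of the original page: each password is hashed with PBKDF2 under a per-user random salt (so two users with the same password get different entries, unlike a bare hash), and the file is created with owner-only permissions. The entry format, iteration count and file name are assumptions.

```python
import hashlib
import hmac
import os
import tempfile

ITERATIONS = 200_000  # assumed work factor; raise it as hardware gets faster

def make_entry(password, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for one user.
    A fresh random salt is drawn unless one is supplied (tests pass a fixed one)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify(password, entry):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = entry.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported entry format")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)

def unsalted_hashes_collide(p1, p2):
    """Without a salt, equal passwords produce equal hashes, which leaks
    which users share a password; shown here only to contrast with make_entry."""
    return hashlib.sha256(p1.encode()).hexdigest() == hashlib.sha256(p2.encode()).hexdigest()

def write_password_file(path, entries):
    """Access control: create the file readable and writable by its owner only (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        for user, entry in entries.items():
            f.write(f"{user}:{entry}\n")

if __name__ == "__main__":
    entries = {"alice": make_entry("correct horse"), "bob": make_entry("correct horse")}
    print("same password, different entries:", entries["alice"] != entries["bob"])
    path = os.path.join(tempfile.mkdtemp(), "passwd.db")
    write_password_file(path, entries)
    print("file mode:", oct(os.stat(path).st_mode & 0o777))
```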

Types of Cookies are:

  1. Session cookies – These cookies are temporary and last for that browser session only.
  2. Persistent cookies – These cookies are stored on the hard disk and last until their expiry or until they are manually removed.

A honeypot is a fake computer system which behaves like a real system and attracts hackers to attack it. A honeypot is used to find out loopholes in the system and to develop defences against these kinds of attacks.

HIDS, or Host Intrusion Detection System, is a system in which a snapshot of the existing system is taken and compared with the previous snapshot. If it finds that critical files were modified or deleted, an alert is generated and sent to the administrator.
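The snapshot-and-compare logic described above, as an added example that is not from the original page: a snapshot maps every file under a root to its SHA-256 digest, and comparing two snapshots yields the modified, deleted and added files a HIDS would alert on. The directory layout in the demo is constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    snap = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                snap[os.path.relpath(path, root)] = hashlib.sha256(f.read()).hexdigest()
    return snap

def diff_snapshots(previous, current):
    """Compare two snapshots and return the three alert classes, each sorted."""
    modified = sorted(p for p in previous if p in current and previous[p] != current[p])
    deleted = sorted(p for p in previous if p not in current)
    added = sorted(p for p in current if p not in previous)
    return {"modified": modified, "deleted": deleted, "added": added}

def alerts(previous, current):
    """Render the diff as the alert lines an administrator would receive."""
    diff = diff_snapshots(previous, current)
    return [f"ALERT {kind}: {path}" for kind in ("modified", "deleted", "added")
            for path in diff[kind]]

if __name__ == "__main__":
    # Constructed monitored tree: take a baseline, tamper, then compare.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    for name, data in (("etc/passwd", b"root:x:0:0\n"), ("etc/hosts", b"127.0.0.1 localhost\n")):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    baseline = snapshot(root)
    with open(os.path.join(root, "etc/passwd"), "ab") as f:
        f.write(b"intruder:x:0:0\n")            # modification of a critical file
    os.remove(os.path.join(root, "etc/hosts"))  # deletion
    for line in alerts(baseline, snapshot(root)):
        print(line)
```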

The Secure Sockets Layer protocol, or SSL, is used to make a secure connection between a client and a server.

Below are the components used in SSL:

  • SSL Record protocol
  • Handshake protocol
  • Change Cipher Spec
  • Encryption algorithms

Following are the three classes of intruders:

  1. Masquerader: An individual who is not authorized on the computer but gets past the system’s access controls and takes over an authenticated user’s account.
  2. Misfeasor: A user who is authorized to use the system resources but misuses that access.
  3. Clandestine user: An individual who seizes supervisory control of the system and uses it to bypass the system’s security controls.

A Network Intrusion Detection System is generally known as a NIDS. It is used to analyse the traffic passing on an entire subnet and to match it against known attacks. If a match is identified, the administrator receives an alert.

There are three types of intrusion detection system:

  1. NIDS or Network Intrusion Detection
  2. NNIDS or Network Node Intrusion detection system
  3. HIDS or Host Intrusion Detection System

A cookie is a piece of information received from a web server and stored in the web browser, which can be read at any later time. A cookie can contain password information and auto-fill data, and it can be dangerous if a hacker gets hold of these details.

The seven attributes of security testing are:

  • Authentication
  • Authorization
  • Confidentiality
  • Availability
  • Integrity
  • Non-repudiation
  • Resilience