18 Basic Concept Interview Questions About Security Testing

Source: Internet
Author: User
Take a look at these interview questions; their purpose is to check understanding of the basic concepts of security testing. Each topic can be expanded to a considerable depth and breadth.

This is only a starting point.

Question 1. What is Security Testing?
Of all the types of software testing, security testing can be considered the most important. Its main purpose is to find vulnerabilities in any software application (web-based or otherwise) and to protect its data from possible attacks or intruders. Since many applications hold confidential data, that data needs to be protected from being leaked. Security testing needs to be conducted regularly on such applications to identify threats and take immediate action.

Question 2. What is a Vulnerability?
A vulnerability is a weakness in a system through which an intruder, or a bug, can attack the system. If security testing is not carried out rigorously, the likelihood of vulnerabilities increases. Sometimes patches or fixes are needed to remove vulnerabilities from the system.

Question 3. What is Intrusion Detection?
Intrusion detection (Intrusion Detection) is a system that helps identify and handle possible attacks. It involves collecting information from multiple systems and sources, analysing that information, and working out possible attack methods.

Intrusion detection checks for:

1. Possible attacks
2. Any unusual activity
3. Audit of system data
4. Analysis of the different data collected, etc.

Question 4. What is SQL injection?
SQL injection is one of the common attack techniques used by hackers to obtain critical data.

Hackers look for loopholes in the system. Through these holes they can bypass security checks with crafted SQL queries and return critical data. This is called SQL injection. It can allow hackers to steal critical data and even crash the system.

SQL injection is very serious and must be prevented. Regular security testing can catch such weaknesses. Database permissions need to be defined correctly, and input fields and special characters must be handled correctly.
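The weakness described above, as an added example that is not part of the original page: a lookup that splices user input into the SQL text beside the same lookup with a bound parameter, run against a constructed in-memory SQLite table. The naive version leaks every row on the textbook always-true input and cannot even handle a legitimate apostrophe; the parameterized version treats the input purely as data.

```python
import sqlite3

def make_db():
    # Constructed sample data, not from the page: a tiny in-memory user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.invalid"),
                      ("bob", "bob@example.invalid")])
    return conn

def lookup_vulnerable(conn, name):
    # Vulnerable: the input is spliced into the SQL text, so whoever supplies
    # `name` also controls the quoting and structure of the statement.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))

def lookup_safe(conn, name):
    # Hardened: a bound parameter is passed as data and never parsed as SQL,
    # so quotes or keywords in the input cannot change the query's shape.
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)

def demo():
    conn = make_db()
    # Textbook always-true input: closes the string literal, then appends OR '1'='1'.
    tautology = "x' OR '1'='1"
    # A legitimate name containing an apostrophe also breaks the naive query.
    try:
        lookup_vulnerable(conn, "O'Brien")
        naive_breaks_on_apostrophe = False
    except sqlite3.OperationalError:
        naive_breaks_on_apostrophe = True
    return {
        "vulnerable": lookup_vulnerable(conn, tautology),   # every row leaks
        "safe": lookup_safe(conn, tautology),               # no such user: []
        "legit": lookup_safe(conn, "alice"),
        "safe_apostrophe": lookup_safe(conn, "O'Brien"),    # handled cleanly: []
        "naive_breaks_on_apostrophe": naive_breaks_on_apostrophe,
    }

if __name__ == "__main__":
    print(demo())
```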

Question 5. What is the focus of security testing?
1. Authentication
2. Authorization
3. Confidentiality
4. Availability
5. Integrity
6. Non-repudiation
7. Resilience

Question 6. What is XSS?
XSS, or cross-site scripting, is a type of vulnerability used by hackers to attack web applications.

It allows hackers to inject HTML or JavaScript code into web pages; the injected code can then steal confidential information such as cookies and send it back to the hackers. This is one of the most critical and common attacks and needs to be prevented.
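The two standard defences for the problem just described, as an added example that is not part of the original page: output-encoding untrusted text before it lands in an HTML page, and marking the session cookie HttpOnly so that even a script that does run cannot read it. The comment text and session id are constructed sample values.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample, not from the page: a visitor "comment" carrying a script tag.
SAMPLE_COMMENT = '<script>alert("xss")</script> nice post!'

def render_vulnerable(comment: str) -> str:
    # Vulnerable: untrusted text is concatenated into HTML, so any tags in it
    # become live markup and the script runs in every reader's browser.
    return "<p class='comment'>" + comment + "</p>"

def render_safe(comment: str) -> str:
    # Hardened: output encoding for the HTML body context turns < > & " ' into
    # entities, so the browser displays the text instead of executing it.
    return "<p class='comment'>" + html.escape(comment, quote=True) + "</p>"

def session_cookie_header(session_id: str) -> str:
    # Defence in depth: HttpOnly stops document.cookie from exposing the session
    # id even if a script does run; Secure and SameSite limit where it is sent.
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["httponly"] = True
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Lax"
    return c.output(header="Set-Cookie:")

if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_COMMENT))
    print(render_safe(SAMPLE_COMMENT))
    print(session_cookie_header("constructed-session-id"))
```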

Question 7. What is an SSL connection and an SSL Session?
SSL, or Secure Socket Layer, connections are transient peer-to-peer communication links, and each connection is associated with an SSL session (SSL Session).

An SSL session can be defined as an association between a client and a server, usually created by the handshake protocol. It defines a set of cryptographic parameters that can be shared by multiple SSL connections.

Question 8. What is penetration testing?
Penetration testing is a form of security testing that helps identify vulnerabilities in the system. It is an attempt to evaluate the security of a system using manual or automated techniques; if any vulnerability is found, the tester uses it to gain deeper access to the system and discover further vulnerabilities. The main purpose of this testing is to protect the system from possible attacks.

Penetration testing can be conducted in two ways: white box testing and black box testing.

In white box testing, the tester has access to all the information. In black box testing, the tester has no information and tests the system as in a real-world scenario to find vulnerabilities.

Question 9. Why is penetration testing important?
Penetration testing is important because:

1. The threat of an attack is always present; hackers can steal important data and even crash the system, so security holes and loopholes in the system can be very expensive.

2. It is impossible to protect all information all the time. Hackers keep bringing new techniques to steal important data, and testers need to test regularly to detect possible attacks.

3. Penetration testing identifies the weaknesses behind the attacks above and protects systems against them, helping organizations keep their data safe.

Question 10. What are two common techniques for protecting password files?
Two common techniques for protecting password files are hashing passwords with salt values, and access control on the password file itself.
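Both techniques together, as an added example that is not part of the original page: passwords are stored as salted PBKDF2-HMAC-SHA256 records (the algorithm and iteration count are my assumption; any slow salted hash would do), verified in constant time, and written to a file created with owner-only permissions. The user names and passwords are constructed sample values.

```python
import hashlib
import hmac
import os
import tempfile

# Assumption, not from the page: PBKDF2-HMAC-SHA256 with a high work factor;
# any slow, salted hash (bcrypt, scrypt, Argon2) serves the same purpose.
ITERATIONS = 600_000

def hash_password(password: str) -> str:
    # Fresh random salt per user: identical passwords yield different records,
    # and precomputed tables built for unsalted hashes are useless.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Self-describing record, so the algorithm or work factor can be upgraded later.
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())

def verify_password(password: str, record: str) -> bool:
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison: plain == would leak how many leading bytes matched.
    return hmac.compare_digest(digest.hex(), digest_hex)

def write_password_file(path: str, records: dict) -> None:
    # Access control: owner read/write only (mode 0600); other local accounts
    # cannot read even the salted hashes.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        for user, rec in records.items():
            f.write(f"{user}:{rec}\n")

def demo() -> dict:
    # Constructed sample: two users who happen to choose the same password.
    r1 = hash_password("correct horse battery staple")
    r2 = hash_password("correct horse battery staple")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "passwd")
        write_password_file(path, {"alice": r1, "bob": r2})
        with open(path) as f:
            stored = dict(line.rstrip("\n").split(":", 1) for line in f)
    return {
        "salt_makes_records_differ": r1 != r2,
        "alice_ok": verify_password("correct horse battery staple", stored["alice"]),
        "bob_wrong": verify_password("wrong password", stored["bob"]),
    }
```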

Question 11. Please list some acronyms or terms related to software security?

IPsec – Internet Protocol Security, a suite of protocols for securing Internet communications
OSI – Open Systems Interconnection
ISDN – Integrated Services Digital Network
SSL – Secure Sockets Layer
FTP – File Transfer Protocol
DBA – Dynamic Bandwidth Allocation
DDS – Digital Data System
DES – Data Encryption Standard
CHAP – Challenge Handshake Authentication Protocol
BONDING – Bandwidth On Demand Interoperability Group
SSH – Secure Shell
COPS – Common Open Policy Service
ISAKMP – Internet Security Association and Key Management Protocol
USM – User-based Security Model
TLS – Transport Layer Security

Question 12. What is ISO/IEC 17799?
ISO/IEC 17799 was originally published in the UK and defines best practices for information security management. It provides information security guidelines for organizations of any size, small or large.

Question 13. List some factors that may cause vulnerabilities in a software system?
The factors that cause vulnerabilities are:
1. Design flaws – loopholes in the system's design that let hackers attack it easily.
2. Passwords – if a hacker learns a password, they can easily obtain the information. Password policies should be strictly followed to minimize the risk of password theft.
3. Complexity – complex software can open the door to vulnerabilities.
4. Human error – human error is an important source of security holes.
5. Management – improper management of data can lead to loopholes in the system.

Question 14. List the methodologies for conducting security tests?
Security testing methodologies include:
White box – all the information is provided to the testers.
Black box – no information is provided to the testers, who test the system as in a real-world scenario.
Grey box – the testers have partial information and must discover the rest on their own.

Question 15. List the seven main types of security tests defined in the Open Source Security Testing Methodology Manual?
According to the Open Source Security Testing Methodology Manual (OSSTMM), the seven main types of security testing are:

1. Vulnerability scanning: automated software scans the system for known vulnerabilities.
2. Security scanning: manual or automated techniques for identifying network and system weaknesses.
3. Penetration testing: security testing that helps identify vulnerabilities in the system.
4. Risk assessment: analysis of the possible risks in the system; risks are classified as low, medium or high.
5. Security audit: a complete inspection of systems and applications to detect vulnerabilities.
6. Ethical hacking: attacking the system to uncover its defects rather than for personal gain.
7. Posture assessment: combining security scanning, ethical hacking and risk assessment to show the organization's overall security posture.

Question 16. What are SOAP and WSDL?
SOAP, or Simple Object Access Protocol, is an XML-based protocol through which applications exchange information over HTTP. A SOAP client sends an XML request, formatted as a SOAP message, to the server; the server responds with a SOAP message containing the result of the requested service.

WSDL, or Web Services Description Language, is an XML-format language used by UDDI. "The Web Services Description Language describes web services and how to access them."

Question 17. Please list the parameters that define an SSL session connection?
The parameters that define an SSL session connection are:

Server and client random values
Server write MAC secret
Client write MAC secret
Server write key
Client write key
Initialization vectors
Sequence numbers

Question 18. What is file enumeration?
This attack uses forced browsing and URL manipulation. Hackers manipulate parameters in the URL string to obtain key data that is normally not public, such as files already deployed, old versions, or files still under development.