Introduction
If you're interviewing for a job as a cyber security analyst, you want to make sure that you know what to expect. After all, this is one of the most important jobs in IT right now! Luckily, we've compiled some of the most common questions asked during interviews for this position. We hope they'll give you an idea of what your interview might be like, so that when it comes time to talk about these issues with HR and your potential supervisor, you can do so confidently.
Why did you choose this career?
This question is designed to determine your interest in the job and whether or not a career in cyber security is right for you. Answer this question by mentioning what interests you about cyber security and how it differs from other fields of security.
For example: "I've always been interested in computers and technology, which led me to pursue an information systems degree. I was fortunate enough to get a position as a junior systems administrator where I learned more about the inner-workings of computer systems."
When answering this question, keep in mind that your answer should be brief and concise while still providing some detail on why you chose this career path.
What is the most important quality a cyber security analyst must have?
The most important quality a cyber security analyst must have is the ability to learn new things. You will be constantly exposed to new technologies and ways of thinking, so you need to be able to adapt quickly in order to stay relevant and valuable.
In addition, the person who holds this role needs the ability to work independently with minimal supervision. As such, they should be self-motivated and able to work without constant guidance from above.
This individual also needs strong critical thinking skills, not only to identify problems but also to decide how best to solve them through either technical or non-technical means (e.g., communication).
What do you do to stay up to date with advancements in cyber security?
There are many ways to stay up to date with advancements in cyber security, including:
Reading blogs and articles from respected industry leaders.
Reading books on a variety of topics related to cyber security.
Attending conferences, training courses and webinars offered by trusted sources in your area of expertise.
Using social media platforms like LinkedIn for professional networking opportunities that can lead you to new insights about the latest trends in the field of cyber security.
Participating in online forums where people interested in cyber security share information about best practices and new technologies being used today.
Do you have any certifications or professional memberships related to cyber security?
We’re all familiar with certifications, but as a hiring manager I want to know if you have professional memberships that show your commitment to your field. If these are available, it shows me that you are keeping up-to-date on the latest developments in cyber security. For example:
Certification: Certified Ethical Hacker
Professional Membership: ISACA (Information Systems Audit and Control Association)
What types of technology are you familiar with that are related to cyber security?
You can expect to be asked about the different types of technology that are related to cyber security. These are:
Firewalls
Intrusion prevention systems (IPS)
Distributed denial-of-service (DDoS) protection devices and services, such as botnet mitigation
Anti-virus software and other malware detection tools, including whitelisting, blacklisting and sandboxing technologies.
What cyber security measures should be in place for a company that has remote employees?
Remote employees are a major focus of cyber security efforts because they're often connected to unsecured public Wi-Fi networks. The easiest first step to take is to enforce the use of a VPN (virtual private network) when accessing corporate resources from the road. This encrypts all data that passes between your computer and your employer's network, making it harder for hackers to intercept sensitive information sent over open wireless connections.
Another important measure is using a secure browser like Google Chrome or Firefox, which offer built-in protection against phishing websites as well as other forms of malware that could infect your computer and expose sensitive company data. When choosing an email client, look for one with two-factor authentication enabled; this adds another layer of protection by requiring anyone who wants access to your inbox to either enter their password or approve an additional login method, such as text message verification, before they are granted access. You can also use a secure file sharing service like Dropbox or OneDrive instead of emailing files back and forth, in order to ensure they don't get lost in transit while traveling abroad on business trips (and thus become vulnerable during transport). Finally, if you must connect remotely via RDP (remote desktop protocol), always make sure the session is encrypted with TLS/SSL so no one else can intercept potentially sensitive information being transmitted across open channels!
How often should logs be reviewed for suspicious activity and by whom?
The frequency and type of log review is entirely dependent on the organization and its risk tolerance. Logs should be reviewed as often as possible by someone who has the authority to act on suspicious activity. The analyst should also have appropriate skills to recognize threats in the logs, so it's best for them to be familiar with common attack methods.
How would you go about auditing permissions on a file server?
The first step in this process would be to look at who has access to what files. It's important to verify that each user only has access to the files they are allowed, and that there aren't any non-authorized users accessing sensitive data. If you notice anything unusual, such as an unauthorized user accessing sensitive data or someone who should not have permission being granted access, it's time for your next step: auditing their actions.
To audit a file server for permissions, you'll need to run a report on all of the current permissions on every file. From there you can see if any new users have been granted permissions that they shouldn't have been given (such as "Full Control"), or if anyone no longer needs those permissions (such as "Read").
Cyber Security Job Interview Questions - What is risk management and how does it help prevent data loss?
What is risk management?
Risk management is the process of identifying risks or threats to an organization, evaluating the potential impact of these risks and determining how to reduce the probability or impact of these events occurring. Risk management helps organizations prevent data loss by helping them understand what assets they have, where those assets are located and what can happen if they are compromised. In addition to this, risk management also helps organizations identify their weakest points so that they can mitigate any damage should a cybersecurity attack occur.
How does risk management help prevent data loss?
If there's one thing we've learned from movies like Die Hard 4: Live Free Or Die Hard (2007), it's that no one ever gets away with stealing money without being caught. But since we don't all work in Hollywood (where there's always a happy ending), it pays to be prepared for worst-case scenarios with rigorous security practices such as documenting every aspect of your business—including its weaknesses—and drawing up plans for how you would respond if any part were breached by hackers or other criminals.
Cyber Security Job Interview Questions - What are best practices for secure password policies?
When creating passwords, you should always follow these best practices:
Passwords should be at least 8 characters. The longer the password, the better.
Use a combination of letters, numbers and special characters. Don’t make it easy for someone to guess your password by using only one character or number.
Never use the same password for multiple accounts. This is especially important if one account contains sensitive information such as credit card numbers or social security numbers. If someone were to get access to one of those accounts due to this error, they could potentially gain access to all your other accounts through brute force attacks!
Avoid using personal information like your name or birth date as part of your password, because these are easy for hackers to guess using brute force attacks, which allow them to algorithmically try thousands upon thousands of different combinations until they hit on something that works (or sometimes get lucky with something that’s close enough). Dictionary words are also a bad idea, because they are common words used in everyday speech which can easily be guessed by hackers using dictionary attacks.
Cyber Security Job Interview Questions - What is the difference between symmetric and asymmetric encryption methods?
In this section, we'll go over a few important encryption methods that are commonly used today.
Symmetric encryption: This is the older and faster of the two methods. It uses only one key to encrypt and decrypt data, and it's generally used for very small-scale applications. Because it's fast, symmetric encryption is often used in situations where speed is more important than security, such as in communications between peers on a network or between two computers connected via USB ports (USB keys). However, this type of system has a weakness: if someone steals your key, they can decrypt all of your past messages using that same key! That's why many companies use both types of encryption, so that even if someone steals the symmetric key, another method remains in place, which makes any stolen information worthless unless the attacker also breaks into other systems protected by other forms of encryption (such as asymmetric).
Cyber Security Job Interview Questions - What is the role of firewalls in an organization's defense-in-depth strategy?
Firewalls are an important part of defense-in-depth. They can be configured to control access to resources and block or allow traffic based on rules.
For example, a firewall rule may be created that allows all internal communication between two servers but blocks external communications with the same servers. This type of configuration helps protect your organization from threats that could originate from outside your network perimeter (or “network bubble”).
If you're applying for a job as a cyber security analyst, these questions can help you prepare.
It's important to be prepared for an interview and know the answers to these questions. Asking yourself "What is cyber security?" or "How do I become a cyber security professional?" is not enough—you should also research the company and the job in order to answer any question they may ask you. After all, if they ask about your skillset, you'll want to be able to discuss what makes them unique! You'll want to practice answering these questions in front of a mirror or with a friend so that when the moment comes, there are no surprises and everything goes smoothly (and hopefully well).
To Conclude the Why
If you're looking for a job as a cyber security analyst, these questions can help you prepare. If you have experience in this field, they'll also serve as a reminder of some important topics.
The following list of questions is by no means exhaustive and some answers and explanations given for each are also non-exhaustive, but rather guidance for you to go out and do more reading and research so as to acquire more knowledge on the subject.
Each company, interviewer, and their perception of the role in the real world will vary. Not all companies use all available security technologies and methodologies. They will certainly have gaps in their security which hopefully you will fill for them, with your experience and expertise.
The questions serve as a starting point for you to practice for your interview and find any gaps in your knowledge that you must fill.
Do not memorize answers to the questions. Understand each concept deeply and practice describing them in your own words. That is how you will give the best answers.
Table of Contents
Questions on Information and Cyber Security Theory
Questions on Systems and Networking
Questions on Email Security
Questions on Cryptography
Questions on Web Application Security
Questions on Database Security
Questions on Information and Cyber Security Theory
What is the main objective of Cybersecurity?
The primary goal of cybersecurity is to ensure the privacy of information, the correctness of data, and access to authorized users.
What is the CIA triad in information security?
The three letters in the “CIA triad” stand for Confidentiality, Integrity, and Availability. It is a fundamental cybersecurity model that acts as a foundation in the development of security policies designed to protect data.
We can assess threats and vulnerabilities by thinking about the impact that they might have on the CIA of an organization’s assets.
Name the most common cyberattacks
You can name some common cyberattacks like:
malware
ransomware
phishing
DoS and DDoS
SQL injections
XSS attacks
Man-in-the-middle attacks
brute-force attacks
Describe a cyber attack for each of the OSI layers
Research some of the common cyberattacks and be able to say which attack can occur on each of the 7 OSI layers.
For example:
Sniffing: physical layer
Spoofing: data link layer
MITM: network layer
Port scanning/reconnaissance: transport layer
Cookie hijacking: session layer
Phishing: presentation layer
DDoS attacks: application layer
What is the difference between a threat, a vulnerability, and a risk?
Risk is the potential for loss, damage, or destruction of assets or data. A threat is a negative event, such as the exploitation of a vulnerability. And a vulnerability is a weakness that exposes you to threats and therefore increases the likelihood of a negative event.
Describe what a residual risk is
Residual risk is the risk that remains after your organization has implemented all the security controls, policies, and procedures you believe are appropriate to take.
How do you deal with residual risk?
Residual risk can be dealt with by:
Reduction
Avoidance
Acceptance
What are some common security frameworks?
Some common information security frameworks are:
NIST Cybersecurity Framework
ISO 27001
SOC2
COBIT
Describe what the “Defence In Depth” approach is in cybersecurity
Defense in depth is a common term in modern-day cybersecurity practice. It is a strategy that employs a series of mechanisms, also known as controls, to stop an attack on your organization.
Read more about defense in depth in this article
How would you log and monitor security events?
The most effective way to log security events is to collect them at a central location and use a SIEM to analyze and monitor for unauthorized events.
A SIEM’s purpose is to collect, store, analyze, investigate and report on logs for incident response, forensics, and regulatory compliance purposes, and to analyze the event data it ingests in real time to facilitate the early detection of targeted attacks, advanced threats, and data breaches.
Some well-known SIEM products are:
Splunk Enterprise Security
LogRhythm NextGen
IBM QRadar
McAfee Enterprise Security Manager
AlienVault Unified Security Management
Is there a difference between a data breach and data leakage?
The difference between a data leak and a data breach lies in how they happen.
A data breach happens when an attack is carried out with the intention to steal data, whereas a data leak is not an actual attack but rather the result of a lack of security controls protecting the data. Both data breaches and data leaks fall into three categories: accidental, intentional, and the result of a system hack.
Define data exfiltration
Data exfiltration refers to the unauthorized transfer of data from a computer system.
Some common data exfiltration methods are:
email
download to unauthorized devices
upload to unauthorized cloud services
hiding data with steganography to avoid detection
DNS, because its traffic is often not monitored
What is social engineering? Describe some of its types
Social engineering is a manipulation technique that exploits human behavior to gain access to private information or systems.
Some well-known types of social engineering are:
Spear phishing
Whaling
Business Email Compromise (BEC)
Vishing/voice phishing
Is there a difference between a vulnerability scan and a penetration test? Which would you choose?
There are differences between a vulnerability scan and a penetration test. You can read the full article here.
What are the uses of CVEs and CVSS?
The Common Vulnerability Scoring System (CVSS) is a system widely used in vulnerability management programs. CVSS indicates the severity of an information security vulnerability and is an integral component of many vulnerability scanning tools.
Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed vulnerabilities and exposures that is maintained by MITRE.
CVSS is the overall score assigned to a vulnerability. CVE is simply a list of all publicly disclosed vulnerabilities that include the CVE ID, a description, dates, and comments.
Questions on Systems and Networking
How would you design a highly secure network?
As a cybersecurity analyst, you should be able to use your technical knowledge to design a secure network or enhance an existing one.
Defense in depth is a primary consideration, where you are going to have redundancy of technical and other security controls, so in case one fails, or is bypassed, there would be other security controls to mitigate the threat.
Compartmentalization is another practice you should employ, by which you create different “zones” for different purposes: inside zone, outside zone, DMZ, intranet, management VLAN, web server farm, database servers, and so on.
You should be able to describe the placement of routers, firewalls, switches, IPS, VLAN ACLs, and the reason behind those decisions.
Is there a difference between an IDS and an IPS?
An intrusion detection system (IDS) monitors traffic on your network, analyzes that traffic for signatures matching known attacks, and when something suspicious happens, you’re alerted. In the meantime, the traffic keeps flowing.
An intrusion prevention system (IPS) also monitors traffic. But when something unusual happens, the traffic stops altogether until you investigate and decide to allow the traffic.
Five main types of IDS exist:
Network: Choose a point on your network and examine all traffic on all devices from that point.
Host: Examine traffic to and from independent devices within your network, and leave all other devices alone.
Protocol-based: Place protection between a device and the server, and monitor all traffic that goes between them.
Application protocol-based: Place protection within a group of servers and watch how they communicate with one another.
Hybrid: Combine some of the approaches listed above into a system made just for you.
Four main types of IPS exist:
Network: Analyze and protect traffic on your network.
Wireless: Observe anything happening within a wireless network and defend against an attack launched from there.
Network behavior: Spot attacks that involve unusual traffic on your network.
Host-based: Scan events that occur within a host you specify.
*Be ready to respond to the question “would you place an IPS in front of or behind a firewall?” (it usually sits behind the firewall ;)).
What is port scanning and what are some different types of scans?
Port scanning is a method of determining which ports on a network are open and could be receiving or sending data. It is also a process for sending packets to specific ports on a host and analyzing responses to identify vulnerabilities.
TCP and UDP are frequently the protocols used in port scanning.
To perform TCP scans you can use different methods:
SYN scans, the most common form of TCP scanning, involve establishing a half-open connection to the target port by sending a SYN packet and evaluating the response.
TCP connect scan, in which the scanner tries to connect to a port via TCP using the connect system call and the full TCP handshake process.
NULL, FIN, and Xmas scans are three scan types that involve manipulating TCP header flags.
Can you detect a port scan?
Network intrusion detection systems and firewalls are usually configured to detect scans, but scanners can attempt to avoid some common detection rules by altering their scanning rate, accessing ports out of order, or spoofing their source address.
What are some common types of brute-force attacks?
A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.
Simple Brute Force Attack
Dictionary Attack
Hybrid Attack
Credential Stuffing
Reverse Brute Force Attack
Rainbow Table Attack
Password Spraying
How can you prevent a brute-force attack?
You may use some of the following methods to prevent a brute force attack:
Limit login attempts
Monitor and block IP addresses
Use 2FA
Use CAPTCHAs
Use a WAF
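The log review, port scan detection and brute-force monitoring questions above all reduce to correlation rules over an event stream, which is what a SIEM hosts. The following added example (not from the original article) runs two such rules over constructed SSH and firewall log lines; the log formats, addresses, thresholds and windows are assumptions for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (not from any real system): an SSH daemon
# reporting login results and a perimeter firewall logging dropped connections.
SAMPLE_LOGS = """\
2024-01-15T10:00:01 sshd: Failed password for root from 203.0.113.7 port 51200
2024-01-15T10:00:02 sshd: Failed password for admin from 203.0.113.7 port 51201
2024-01-15T10:00:03 sshd: Failed password for root from 203.0.113.7 port 51202
2024-01-15T10:00:04 sshd: Failed password for oracle from 203.0.113.7 port 51203
2024-01-15T10:00:05 sshd: Failed password for test from 203.0.113.7 port 51204
2024-01-15T10:00:09 sshd: Failed password for alice from 198.51.100.4 port 40000
2024-01-15T10:00:11 sshd: Accepted password for alice from 198.51.100.4 port 40001
2024-01-15T10:00:20 fw: DROP src=192.0.2.9 dst=10.0.0.5 dport=21
2024-01-15T10:00:20 fw: DROP src=192.0.2.9 dst=10.0.0.5 dport=22
2024-01-15T10:00:20 fw: DROP src=192.0.2.9 dst=10.0.0.5 dport=23
2024-01-15T10:00:21 fw: DROP src=192.0.2.9 dst=10.0.0.5 dport=25
2024-01-15T10:00:21 fw: DROP src=192.0.2.9 dst=10.0.0.5 dport=80
2024-01-15T10:00:21 fw: DROP src=192.0.2.9 dst=10.0.0.5 dport=443
2024-01-15T10:00:21 fw: DROP src=192.0.2.9 dst=10.0.0.5 dport=3389
2024-01-15T10:00:22 fw: DROP src=192.0.2.9 dst=10.0.0.5 dport=8080
2024-01-15T10:00:30 fw: DROP src=198.51.100.4 dst=10.0.0.5 dport=443
"""

SSH_FAIL = re.compile(r"^(\S+) sshd: Failed password for (\S+) from (\S+) port")
FW_DROP = re.compile(r"^(\S+) fw: DROP src=(\S+) dst=\S+ dport=(\d+)")


def parse_events(text):
    """Normalize raw lines into (timestamp, kind, source_ip, detail) tuples,
    the kind of schema a SIEM applies before correlating. Unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SSH_FAIL.match(line)
        if m:
            ts, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), "ssh_fail", src, user))
            continue
        m = FW_DROP.match(line)
        if m:
            ts, src, dport = m.groups()
            events.append((datetime.fromisoformat(ts), "fw_drop", src, int(dport)))
    return sorted(events, key=lambda e: e[0])


def detect_brute_force(events, threshold=5, window_sec=60):
    """Rule 1: at least `threshold` failed logins from one source IP inside a
    sliding window. Returns {source_ip: failures_in_window}."""
    window = defaultdict(deque)
    alerts = {}
    for ts, kind, src, _user in events:
        if kind != "ssh_fail":
            continue
        q = window[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_sec:   # expire old entries
            q.popleft()
        if len(q) >= threshold:
            alerts[src] = len(q)
    return alerts


def detect_port_scan(events, threshold=8, window_sec=60):
    """Rule 2: one source probing at least `threshold` distinct destination
    ports inside the window. A scanner that spreads its probes over a longer
    period than the window (the rate evasion noted above) stays under this
    rule, so window and threshold are tuning decisions, not fixed truths."""
    window = defaultdict(deque)
    alerts = {}
    for ts, kind, src, dport in events:
        if kind != "fw_drop":
            continue
        q = window[src]
        q.append((ts, dport))
        while (ts - q[0][0]).total_seconds() > window_sec:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold:
            alerts[src] = sorted(ports)
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    print("brute force:", detect_brute_force(evs))
    print("port scan:  ", detect_port_scan(evs))
```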
How would you detect and prevent a DDoS attack?
A DDoS attack is a flood of traffic to your web host or server. With enough traffic, an attacker can eat away at your bandwidth and server resources until they can no longer function.
DDoS attacks can take a variety of forms. Common DDoS attacks include:
Volumetric attacks flood network ports with excess data
Protocol attacks slow down intra-network communication
Application attacks overwhelm web traffic and other application-level operations
There are several clues that indicate an ongoing DDoS attack is happening:
Statistical: An IP address makes X requests over Y seconds
Your server responds with a 503 due to service outages
The TTL (time to live) on a ping request times out
If you use the same connection for internal software, employees notice slowness issues
Log analysis solutions show a huge spike in traffic
Preventing a DDoS attack
Preventing a DDoS attack is sometimes hard and even impossible.
The most effective way to protect against DDoS attacks is to employ cloud-based protection which can handle large-scale attacks.
There are other methods you can use to make your network and applications more resilient to DDoS attacks:
Span your data centers across different networks and locations
Have a DDoS response plan in place so every team knows what to do to recover and how to communicate with internal staff, customers, and vendors
Scale up your bandwidth to be able to absorb more than the volume of traffic you usually have
Use anti-DDoS hardware and software; some can be provided as a service by your ISP
What is a botnet?
A botnet is a network of computers infected with malware that is controlled by a bot herder.
The bot herder is the person who operates the botnet infrastructure and uses the compromised computers to launch attacks designed to crash a target’s network, inject malware, harvest credentials or execute CPU-intensive tasks.
Each individual device within the botnet network is called a bot.
What is a honeypot? What is it used for?
Honeypots are decoy systems or servers deployed alongside production systems within your network.
For a honeypot to work, the system should appear to be legitimate.
Some free, open-source honeypots you may use are:
Honeydrive – a Linux distribution that comes pre-installed with a lot of active defense capabilities.
cowrie – SSH/Telnet Honeypot
tpotce – The All In One Honeypot Platform
Dionaea – a multi-protocol honeypot that covers everything from FTP to SIP (VoIP attacks)
ElasticHoney – emulates an ElasticSearch instance, and looks for attempted remote code execution.
By properly monitoring your honeypots, you can get insight into attacker tools, tactics, and procedures (TTPs) and gather forensic and legal evidence without putting the rest of your network at risk.
Explain what ARP spoofing attacks are
ARP spoofing, also known as ARP poisoning, is a Man in the Middle (MitM) attack that allows attackers to intercept communication between network devices. The attack works as follows:
The attacker must have access to the network. They scan the network to determine the IP addresses of at least two devices—let’s say these are a workstation and a router.
The attacker uses a spoofing tool, such as Arpspoof or Driftnet, to send out forged ARP responses.
The forged responses advertise that the correct MAC address for both IP addresses, belonging to the router and workstation, is the attacker’s MAC address. This fools both router and workstation into connecting to the attacker’s machine instead of to each other.
The two devices update their ARP cache entries and from that point onwards, communicate with the attacker instead of directly with each other.
The attacker is now secretly in the middle of all communications.
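A defender's counterpart to the steps above, added here as an example rather than taken from the original article: a passive monitor that watches ARP replies on a segment and flags the two symptoms of poisoning, an IP whose MAC suddenly changes and one MAC claiming several IPs. The observations, addresses and the trusted gateway binding are constructed for the demo.

```python
from collections import defaultdict

# Constructed ARP reply observations (sender IP, sender MAC) in the order a
# passive sniffer on the segment would see them. Not from a real capture.
ARP_REPLIES = [
    ("10.0.0.1", "aa:aa:aa:aa:aa:01"),   # gateway announces itself
    ("10.0.0.20", "bb:bb:bb:bb:bb:20"),  # workstation
    ("10.0.0.30", "cc:cc:cc:cc:cc:30"),  # unrelated host, benign
    ("10.0.0.1", "dd:dd:dd:dd:dd:99"),   # gateway IP now claimed by a new MAC
    ("10.0.0.20", "dd:dd:dd:dd:dd:99"),  # workstation IP claimed by that same MAC
]


class ArpMonitor:
    """Tracks IP-to-MAC bindings seen on the wire and raises alerts on changes."""

    def __init__(self, trusted=None):
        # Static bindings that must never change (e.g. the gateway): the same
        # idea as a static ARP entry or the DHCP-snooping table used by DAI.
        self.trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
        self.table = {}                     # ip -> first MAC observed
        self.ips_by_mac = defaultdict(set)  # mac -> set of IPs it has claimed

    def observe(self, ip, mac):
        """Feed one ARP reply; return the list of alerts it triggers (may be empty)."""
        alerts = []
        mac = mac.lower()
        if ip in self.trusted and self.trusted[ip] != mac:
            alerts.append(f"trusted binding violated: {ip} should be {self.trusted[ip]}, reply says {mac}")
        prev = self.table.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"ip-to-mac change: {ip} moved from {prev} to {mac}")
        self.table.setdefault(ip, mac)      # keep the first binding as the reference
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > 1:
            # Also legitimate for a router with several addresses or a VM host
            # bridging guests, so treat this as a signal to correlate, not proof.
            alerts.append(f"one mac claims multiple ips: {mac} -> {sorted(self.ips_by_mac[mac])}")
        return alerts


def run_monitor(replies, trusted=None):
    """Replay a list of (ip, mac) replies through a fresh monitor; return all alerts."""
    monitor = ArpMonitor(trusted)
    alerts = []
    for ip, mac in replies:
        alerts.extend(monitor.observe(ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in run_monitor(ARP_REPLIES, trusted={"10.0.0.1": "aa:aa:aa:aa:aa:01"}):
        print("ALERT:", alert)
```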
What is security hardening on systems and network devices?
Hardening is the practice of reducing a system’s vulnerability by reducing its attack surface.
Reducing attack vectors through hardening also involves cutting unnecessary services or processes. Overall, a system that provides more services has a much broader attack surface than one performing just one function.
You may employ CIS Benchmarks as configuration baselines and best practices for securely configuring a system. There are also pre-made CIS Hardened Images, which are securely configured virtual machine images based on CIS Benchmarks, hardened to either a Level 1 or Level 2 CIS Benchmark profile.
Describe VPN and what you would do to secure it further
A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
There are two main types of VPN you can use:
Remote Access VPN
Site-to-site VPN
To further secure a VPN you can:
Implement MFA
Limit VPN access to specific authorized users
Use OpenVPN or IKEv2/IPsec
Enable DNS leak protection
Check whether IPv6 is “leaking” and disable it if so
What are some ways used to authenticate someone?
A person may use the following methods, or a combination of them, for authentication.
Password
OTP
PIN
ID card
Biometric
Code sent to a mobile phone
How would you secure a corporate wireless network?
Physically secure the wireless access points
Update the firmware and software
Change the default account information (user, password)
Turn off WPS
Disable the default network name and hide the new SSID
Use WPA2
Regularly scan and eliminate rogue Access Points
Don’t use the same wireless network for guest and corporate user access
Employ Network Access Control (NAC) for corporate users and devices
Questions on Email Security
What are some email authentication methods?
SPF
DKIM
DMARC
You should be able to explain what each of the methods above does, and how you can properly configure them.
Is SPF enough to authenticate an email?
SPF alone can only authenticate the source of the message, not its author. An email sent from a server that passes SPF for the sender's own domain would still pass the SPF check even if its From header were spoofed, because the From header is out of the scope of SPF.
Only in combination with DMARC and DKIM can SPF be used to prevent email spoofing.
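As an added example (not from the original article) of why SPF alone does not stop From-header spoofing, here is a simplified DMARC evaluation: it takes the SPF and DKIM results a receiving server already has, checks whether the passing identifier aligns with the header From domain, and applies the published policy. The domains, results and record are constructed, and the organizational-domain reduction is a simplifying assumption.

```python
from dataclasses import dataclass


@dataclass
class AuthResults:
    """What a receiving MTA knows after running SPF and DKIM on one message."""
    header_from: str   # domain of the RFC 5322 From header the user actually sees
    spf_result: str    # "pass", "fail", "softfail", "none", ...
    spf_domain: str    # envelope sender (RFC 5321 MAIL FROM) domain that SPF checked
    dkim_result: str   # "pass" or anything else
    dkim_domain: str   # d= tag of the verified signature, "" if no valid signature


def org_domain(domain):
    """Organizational domain, simplified: keep the last two labels. Assumption for
    the demo; a real implementation consults the Public Suffix List (e.g. co.uk)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(identifier, header_from, mode):
    """DMARC identifier alignment: strict ('s') needs an exact match, relaxed
    ('r') only needs the same organizational domain."""
    if not identifier:
        return False
    if mode == "s":
        return identifier.lower() == header_from.lower()
    return org_domain(identifier) == org_domain(header_from)


def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; aspf=s' into tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")  # relaxed alignment is the default for both
    tags.setdefault("aspf", "r")
    return tags


def evaluate_dmarc(results, record):
    """Return (passes, disposition). DMARC passes when SPF or DKIM passes AND the
    identifier that passed aligns with the header From domain; otherwise the
    domain owner's policy (none/quarantine/reject) becomes the disposition."""
    policy = parse_dmarc(record)
    spf_ok = results.spf_result == "pass" and aligned(
        results.spf_domain, results.header_from, policy["aspf"])
    dkim_ok = results.dkim_result == "pass" and aligned(
        results.dkim_domain, results.header_from, policy["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    return False, policy["p"]


if __name__ == "__main__":
    record = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
    # Constructed scenario: SPF passes for the domain the sender controls, yet
    # the From header shows example.com. SPF on its own says "pass".
    spoofed = AuthResults("example.com", "pass", "other-domain.example", "none", "")
    print("spoofed From:", evaluate_dmarc(spoofed, record))   # (False, 'reject')
    legit = AuthResults("example.com", "pass", "example.com", "pass", "example.com")
    print("aligned mail:", evaluate_dmarc(legit, record))     # (True, 'none')
```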
What types of attacks occur through email?
Fraud
Account takeover
Email interception
Phishing
Malware
What are some email protection security controls?
Limit the number of connections to reduce the chance of spam and DDoS attacks
Verify the sender through reverse DNS lookup before accepting the message
Use content filtering to heuristically block or quarantine probable spam
Disable email relaying
Restrict local email domains
Restrict attachments like .exe, .bat, .vbs, .jar, .swf etc.
Use email encryption
Questions on Cryptography
What is the difference between encryption, encoding, and hashing?
Encryption is the process of securely encoding data in such a way that only authorized users with a key or password can decrypt the data to reveal the original. Encryption is used when data needs to be protected so those without the decryption keys cannot access the original data.
Encoding is a reversible process and data can be encoded to a new format and decoded to its original format.
An example of encoding is: Base64
Hashing is a one-way process where data is transformed into a fixed-length alphanumeric string. This string is known as a hash or message digest. A hash cannot be reversed back to the original data because it is a one-way operation. Hashing is commonly used to verify the integrity of data, commonly referred to as a checksum.
What is the difference between symmetric and asymmetric encryption
In Symmetric-key encryption the message is encrypted by using a key and the same key is used to decrypt the message which makes it easy to use but less secure. It also requires a safe method to transfer the key from one party to another.
Asymmetric Key Encryption is based on public and private key encryption techniques. It uses two different keys to encrypt and decrypt the message. It is more secure than the symmetric key encryption technique but is much slower.
What do we mean by “end-to-end encryption”?
In an end-to-end encrypted system, the only people who can access the data are the sender and the intended recipient. In true end-to-end, encryption occurs at the device level. Messages and files are encrypted before they leave the phone or computer and aren’t decrypted until they reach their destination.
Hackers can’t access data on the server because they don’t have the private keys required to decrypt the data. Instead, secret keys are stored on the individual user’s device.
What is the strongest form of encryption?
AES 256-bit encryption is the strongest and most robust encryption standard that is commercially available today.
What is Public Key Infrastructure (PKI) and how does it work?
Public Key Infrastructure (PKI) is a set of policies that secures the communication between a server and a client. It uses two cryptographic keys, public and private. PKI enables trusted digital identities for people, and grants secure access to digital resources. The core of PKI is a certificate authority, which ensures the trustworthiness of the digital data.
The working of Public Key Infrastructure (PKI) at a macro level is as follows:
Firstly, the request for the Digital Certificate is sent to the appropriate CA (Certificate Authority).
Once the request is processed, the Digital Certificate is issued to the person requesting it.
After that, the Digital Certificate gets signed by confirming the identity of the person.
Now, the Digital Certificate can be used to encrypt the cleartext into a ciphertext, which is sent from the sending party to the other party.
Explain SSL and TLS, is there a difference?
SSL refers to Secure Sockets Layer whereas TLS refers to Transport Layer Security.
SSL and TLS are cryptographic protocols that authenticate data transfer between servers, systems, applications, and users. SSL was a first-of-its-kind cryptographic protocol. TLS, on the other hand, is the more recently upgraded version of SSL. The differences between SSL and TLS are very minor and include: different cipher suites, alert messages, record protocol, handshake process, and message authentication.
What are the main objectives of cryptography?
Confidentiality: Confidentiality helps in keeping the information safe from unauthorized people.
Non-repudiation: Non-repudiation prevents denial in an electronic transaction.
Authenticity: Authenticity helps in identifying the source of the created information.
Integrity: Integrity makes sure that the data received by the receiver is not modified.
Questions on Web Application Security
What is a Web Application Firewall?
A web application firewall (WAF) protects web applications from a variety of application layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others.
Name the OWASP Top 10
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
Broken Access Control (A01:2021)
Cryptographic Failures (A02:2021)
Injection (A03:2021)
Insecure Design (A04:2021)
Security Misconfiguration (A05:2021)
Vulnerable and Outdated Components (A06:2021)
Identification and Authentication Failures (A07:2021)
Software and Data Integrity Failures (A08:2021)
Security Logging and Monitoring Failures (A09:2021)
Server-Side Request Forgery (A10:2021)
Read more on each of the OWASP Top 10 to understand each in-depth and be able to give proper responses to questions on them.
What are some common HTTP status codes?
1xxs – Informational responses: The server is thinking through the request.
2xxs – Success! The request was successfully completed and the server gave the browser the expected response.
3xxs – Redirection: You got redirected somewhere else. The request was received, but there’s a redirect of some kind.
4xxs – Client errors: Page not found. The site or page couldn’t be reached. (The request was made, but the page isn’t valid — this is an error on the website’s side of the conversation and often appears when a page doesn’t exist on the site.)
5xxs – Server errors: Failure. A valid request was made by the client but the server failed to complete the request.
What are some common tools to perform web application security testing?
You should have hands-on experience with several tools, among them, tools used for web application security testing. Here are a few well-known tools for web application security testing. Many of them are open source, so go and practice with them and gain some experience.
Zed Attack Proxy (ZAP)
Burp Suite
Wfuzz
Nikto
W3af
BeEF
SQLMap
SonarQube
Nogotofail
Acunetix
Qualys
Invicti
Questions on Database Security
What are the 3 security aspects of database security?
The protection of a database can entail different security controls that focus on different aspects. A layered approach, as in the “defense in depth” concept, should also be applied to database security, by giving focus to:
Data protection
Access control
Tracking of activities
What are some database security practices?
Separate web application servers from database servers
Restrict network connectivity to the database server so that unwanted traffic is blocked
Encrypt databases
Pay attention to user roles and restrict them as much as possible according to the user role in the organization (least privilege)
Use strong user passwords and employ encrypted password hashes
Keep your DBMS up to date with the latest versions and security updates
Perform regular backups and store them safely with encryption
Monitor database access for suspicious activity
What is SQL injection and how would you protect from such a vulnerability?
SQL injection is an attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed or accessed.
A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables, and, in certain cases, the attacker gaining administrative rights to a database.
There are different types of SQL injection:
In-band SQLi
Blind SQLi
Out-of-band SQLi
Countermeasures:
Use stored procedures instead of direct queries
Implement an MVC architecture
Use a WAF
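The vulnerable pattern beside its fix, as an added example that is not from the original article and uses Python's built-in sqlite3 with a constructed users table: the first function splices the input into the SQL string, the second binds it as a parameter, which is the primary defense the countermeasure list above does not name.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows (not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "hash-of-alice", "admin"),
         ("bob", "hash-of-bob", "user"),
         ("carol", "hash-of-carol", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable: the untrusted value becomes part of the SQL text, so input
    containing a quote changes the query's structure (the in-band SQLi above)."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Hardened: parameterized query. The driver passes the value as data, so
    whatever it contains is only ever compared against the username column."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"   # classic test input; makes the WHERE clause always true
    print("vulnerable, normal input: ", find_user_vulnerable(db, "bob"))
    print("vulnerable, crafted input:", find_user_vulnerable(db, tautology))  # every row
    print("safe, crafted input:      ", find_user_safe(db, tautology))        # []
```

Stored procedures, which the list above recommends, only help if they do not themselves concatenate their arguments into dynamic SQL.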