Software Security Testing - WEB Security Testing Interview Questions What type of security testing you performed?

What types of web testing security problems do you know? Please classify vulnerabilities that you know. What are two common techniques used to protect a password file? What is integer overflow? What is your understanding of root causes of vulnerabilities? What is ISO 17799? Can you describe security defect prevention? List and briefly define three classes of intruders. What are three benefits that can be provided by an intrusion detection system? What services are provided by the SSL Record Protocol? Why do we need validate users input for length and characters? Why we need to keep track of individual users and authentication? What is runtime inspection? Describe with examples Fuzzers and Sniffers tools: Define buffer overflows. What are format string vulnerabilities? What is SQL injection? Provide example of command injection. Provide example of broken access control. List and briefly define the parameters that define an SSL session state. List and briefly define the parameters that define an SSL session connection. Why do we need port scanning? How to use an interactive proxy and a set of fuzz strings to manually test the a pplication s handling of data? What is cookie gathering? What is a honeypot? What is phishing attack? What is a dual signature and what is its purpose? How can you ensure that all input fields are properly validated to prevent code injection attacks? What tools can you use to validate the strength of SID (session ID)? What is file enumeration? What steps are involved in the SSL Record Protocol transmission? What are hidden fields in HTTP? What protocols comprise SSL? How to implement (create) a custom fuzz utility and test it against your applica tion? Describe SOAP and WSDL. List and briefly define the principal categories of SET participants. How to test a scriptable ActiveX object? What is the difference between statistical anomaly detection and rule-based intr usion detection? What metrics are useful for profile-based intrusion detection? What is the difference between rule-based anomaly detection and rule-based penet ration identification? What is a salt in the context of UNIX password management? List and briefly define four techniques used to avoid guessable passwords. What is the difference between an SSL connection and an SSL session? List and briefly define Acronyms and Abbreviations Related to Software security Write an example of misusing strcpy() in C and C++ in such a way that a buffer o verflow condition exists as a bug. Answer: IPsec - Internet Protocol Security is a suite of protocols for securing Interne t OSI - Open Systems Interconnection ISDN Integrated Services Digital Network GOSIP- Government Open Systems Interconnection Profile FTP - File Transfer Protocol

DBA - Dynamic Bandwidth Allocation DDS - Digital Data System DES - Data -Encryption Standard CHAP - Challenge Handshake Authentication Protocol BONDING - Bandwidth On Demand Interoperability Group SSH - The Secure Shell COPS Common Open Policy Service ISAKMP - Internet Security Association and Key Management Protocol USM - User-based Security Model TLS - The Transport Layer Security --------------------------------------------------------------------------------

-------------------------------------------------------------------------------Some questions with answers for self review. Question: Describe a sample of attack patterns? Answer: Verify access control; verify that audit log is protected. Question: What C language implementation security flows do you know? Answer: C language has no safe native string type; buffer overruns can overrun function return addresses on the stack Question: What is SQL injection? Answer: Technique that allowed attacker to run its own queries against SQL data base. Question: Define main steps o f threat-modelling process? Answer: Identify threat paths -> Identify threats -> Identify vulnerabilities > Prioritize the vulnerabilities. Question: What is the critical number of characters for input? Answer: 1,024 in power 7 Question: What is Cross-site scripting? Answer: Cross-site scripting attacks exploit the fact that a browser runs code, such as JavaScript or HTML objects. Etc. Question: Provide example of Cross-site scripting? Answer: script alert (document.cookie); script (brackets are removed) Question: What for we use a fuzzer tool? Answer: We use fuzzer to test input fields for common issues. What types of penetration testing tools do you know? Answer: scanners, vulnerability assessment tools, password crackers, etc What types of Denial of service (DoS0 attacks do you know? Answer: bandwidth, Protocol, distributed DoS What types of Malicious applet attack do you know? Answer: Buffer overflows, Trojans, worms, viruses, back doors. What are main two ways of modifying routing of packets used by hackers? switch forwarding table f Answer: 1. Control layer 2 routing (Ethernet routing) looding, ARP cache poisoning, MAC spoofing 2. Control layer 3 routing ( IP routing) DNS poisoning, source routing, adverti se bogus routers, ICMP redirect messages, rogue DHCP servers Describe Cain and Abel tool? Answer:Cain and Abel tool is a fully automated SSL cracker What security models and processes do you know? Describe wireless security risks and types of protection.