VAPT General Questions


Static analysis tools such as Fortify, nmap and AppScan

Dynamic scan
- Nessus
- Burp Suite

SAST / DAST
White box testing / black box testing

Questions
1. How to classify vulnerabilities as high, medium or low
• Common Vulnerability Scoring System (CVSS): the score is derived from factors like
exploitability, impact, and complexity.
• Organizations may also consider their specific context, business priorities, and
the criticality of the systems affected.
2. Risk register
• A document or database that serves as a central repository for recording and
tracking information about potential risks, their likelihood, impact, and the actions
taken to mitigate or respond to them.
3. Risk acceptance
• A strategy where an organization accepts the potential loss from a risk rather
than avoiding or mitigating it.
4. SQL injection
5. HTTP / HTTPS
• HTTPS encrypts data in transit and uses asymmetric-key cryptography (in the TLS handshake).
OWASP Top 10

1. Broken Access Control:
• Vulnerability: Inadequate enforcement of access controls, allowing unauthorized or
high-privileged actions.
• Example: Accessing another user's data without proper authorization.
• Remediation: Implement proper access controls and conduct regular access
reviews.

2. Cryptographic Failures:
• Vulnerability: Incorrect implementation or usage of cryptographic functions.
• Example: Storing passwords without proper hashing; using weak algorithms.
• Remediation: Use strong, up-to-date cryptographic algorithms. Regularly update
cryptographic libraries and follow best practices for key management and
encryption.

3. Injection:
• Vulnerability: Untrusted data is sent to an interpreter as part of a command or query, leading to code execution.
• Example: SQL Injection - the attacker alters SQL queries through user inputs.
• Remediation: Input sanitization.
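The following is an added example (not code from the original notes) showing the SQL injection flaw described above beside its hardened form: the vulnerable query concatenates user input into the SQL text, while the safe version passes the value as a bound parameter so the database never interprets it as SQL. Sanitization, as the note recommends, is a useful second layer; parameterized queries are the primary fix. The in-memory SQLite table and the probe input are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed in-memory sample database for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return conn

def find_user_vulnerable(conn, username):
    # Untrusted input is spliced into the query text, so the SQL engine cannot
    # distinguish data from code: this is the flaw the note describes.
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

def find_user_safe(conn, username):
    # Parameterised query: the driver sends the value separately from the
    # statement, so quotes in the input are just characters inside a string.
    query = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Constructed tautology input: it changes the WHERE clause of the vulnerable
    # query so every row matches, but is an ordinary (non-existent) name to the safe one.
    probe = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, probe))  # returns all three rows
    print("safe:      ", find_user_safe(db, probe))        # returns []
    print("safe, bob: ", find_user_safe(db, "bob"))        # returns [(2, 'bob')]
```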

4. Insecure Design:
• Vulnerability: Flawed architectural choices leading to security vulnerabilities.
• Example: Allowing direct database access from the client-side.
• Remediation: Implement a secure architecture, including proper data flow and access
controls. Conduct security design reviews and adhere to secure coding principles.
Regularly update and patch systems for any architectural vulnerabilities.

5. Security Misconfigurations:
• Vulnerability: Poorly configured security settings.
• Example: Default accounts/passwords, unnecessary services running.
• Remediation: Regularly audit and review configurations, follow security best practices.

6. Vulnerable and Outdated Components:
• Vulnerability: Use of outdated or vulnerable third-party components.
• Example: Exploiting a known vulnerability in a library.
• Remediation: Regularly update and patch dependencies, monitor for security advisories.

7. Identification and Authorization Failures:
• Vulnerability: Weaknesses in user identification and authorization processes.
• Example: Allowing unauthorized users access to sensitive data or functions.
• Remediation: Implement strong authentication mechanisms, including multi-factor
authentication. Enforce proper authorization controls, conduct regular access reviews, and
employ the principle of least privilege.

8. Software and Data Integrity Failures:
• Vulnerability: Compromises in maintaining the accuracy and consistency of software and
data.
• Example: Unauthorized modification of critical application code or manipulation of stored
data.
• Remediation: Employ code integrity checks, digital signatures, and version control for
software. Implement encryption and access controls to safeguard data integrity.

9. Logging and Monitoring Failures:
• Vulnerability: Lack of proper logging and monitoring, so security incidents go undetected.
• Example: Failing to notice a series of failed login attempts.
• Remediation: Implement comprehensive logging, regularly review logs, and set up alerts
for suspicious
10. Server-Side Request Forgery (SSRF):
• Vulnerability: Allows an attacker to make unauthorized requests to internal resources
through the targeted server.
• Example: Exploiting a web application to make requests to internal APIs or retrieve
sensitive information.
• Remediation: Validate and sanitize user inputs, especially those used for making requests
to external resources. Implement proper firewall rules to restrict access to internal
resources. Use whitelists for allowed domains and avoid using user-controlled input to form
URLs.

Common Cyber Attacks
1. DoS
2. DDoS
3. Spoofing
4. Man in the Middle
5. ARP poisoning
6. DNS
7. Malware and its types

Protocols

Small Concepts
 Casting
• Unicast: single sender to a single receiver
• Multicast: single sender to multiple receivers
• Broadcast: single sender to all hosts in that network

 DNS
• Domain Name Server - maps a domain name to its corresponding IP address
 VPN
• Virtual private network - a connection between a VPN server and a VPN client that
creates a point-to-point tunnel which encrypts your personal data and masks
your IP address.

 CIA
o Confidentiality
o Integrity
o Authenticity

 Non-Repudiation

 SAFER
o Secure and Fast Encryption Routine (SAFER) is a block cipher. It has a 64-bit block
size and is a byte-oriented algorithm.
o SAFER's encryption and decryption procedures are highly secure. It is used widely
in applications like digital payment cards.

 Public Key Infrastructure (PKI)
o A public key infrastructure is a set of roles, policies, hardware, software and
procedures needed to create, manage, distribute, use, store and revoke digital
certificates and manage public-key encryption.

 How it works
 Three-way handshake

It is the process that happens in a TCP/IP network when you make a connection between a
local host and the server. It is a three-step process that negotiates the acknowledgment and
synchronization of packets before communication starts.

Step 1: The client initiates the connection by sending SYN to the server.

Step 2: The server responds to the client's request with SYN+ACK.

Step 3: The client acknowledges the server's response with ACK, and the actual data
transmission begins.

 Firewall
o A firewall is software, hardware or a combination of both installed between the internal
network and the rest of the network.
o It tracks and controls network communication packets, deciding whether packets are accepted,
denied, or dropped.
o Types of firewall based on location
 Host based and Network based
 A host-based firewall is installed on an individual computer to protect it from
activity occurring on its network.
 A network-based firewall is implemented at a specified point in the network
path and protects all computers on the "internal" side of the firewall from all
computers on the "external" side of the firewall.
o Based on state
 Stateless and Stateful
 Stateless firewalls use a data packet's source, destination, and other header
parameters to decide whether the packet is a threat or not.
 A stateful firewall also keeps a historical record of traffic and thus can make more
complex decisions (based on source and destination IP addresses, port numbers, and
other header information).
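To make the stateless/stateful distinction concrete, here is an added, simplified model (not code from the original notes) that runs the same constructed packet sequence through both kinds of filter. The stateless filter judges each header on its own and accepts any inbound packet with ACK set, a common "looks like a reply" rule; the stateful filter records flows opened from the inside and only admits inbound packets that match one. The internal prefix, addresses and flags are assumptions for the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters: "S" = SYN, "SA" = SYN+ACK, "A" = ACK

INTERNAL_PREFIX = "10.0.0."  # assumed internal network for this model

def is_inbound(pkt):
    return pkt.dst.startswith(INTERNAL_PREFIX) and not pkt.src.startswith(INTERNAL_PREFIX)

def stateless_decide(pkt):
    """Header-only decision: inbound traffic is accepted if ACK is set, else dropped."""
    if not is_inbound(pkt):
        return "accept"
    return "accept" if "A" in pkt.flags else "drop"

class StatefulFirewall:
    """Keeps a record of flows opened from inside and only lets matching replies in."""
    def __init__(self):
        self.flows = set()  # (src, sport, dst, dport) of outbound-initiated connections

    def decide(self, pkt):
        if not is_inbound(pkt):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        # A genuine reply carries the outbound tuple with the endpoints swapped.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "accept"
        return "drop"

def run(packets):
    """Return (stateless verdicts, stateful verdicts) for the same packet sequence."""
    fw = StatefulFirewall()
    return [stateless_decide(p) for p in packets], [fw.decide(p) for p in packets]

# Constructed sample traffic using documentation addresses, not real hosts.
SAMPLE = [
    Packet("10.0.0.5", 51000, "93.184.216.34", 443, "S"),   # inside host opens HTTPS
    Packet("93.184.216.34", 443, "10.0.0.5", 51000, "SA"),  # legitimate reply to that flow
    Packet("198.51.100.7", 4444, "10.0.0.5", 22, "A"),      # unsolicited inbound packet with ACK set
]

if __name__ == "__main__":
    stateless, stateful = run(SAMPLE)
    for p, a, b in zip(SAMPLE, stateless, stateful):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}]  stateless={a}  stateful={b}")
```

The third packet shows the difference the note describes: the stateless rule passes it because its header looks like a reply, while the stateful filter drops it because no inside host ever opened that flow.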

 Cookies and session

 Difference between XSS and CSRF

 Is XSS a client-side attack or a server-side attack?
Client side

 IOC, types (7min)


 Difference between Antivirus and EDR (Endpoint Detection and Response)

 Difference between IPS and Firewall

Steps In Hacking
1. Reconnaissance:
This is the first step of hacking. It is also called the footprinting and information gathering
phase. This is the preparatory phase where we collect as much information as possible
about the target. We usually collect information about three groups:
1. Network
2. Host
3. People involved
There are two types of footprinting:
 Active: Directly interacting with the target to gather information about it, e.g.
using the Nmap tool to scan the target.
 Passive: Collecting information about the target without directly accessing
it. This involves collecting information from social media, public websites,
etc.

2. Scanning:
Three types of scanning are involved:
 Port scanning: Scanning the target for information such as open ports, live
systems and the services running on the host.
 Vulnerability scanning: Checking the target for weaknesses or vulnerabilities that
could be exploited, usually with the help of automated tools.
 Network mapping: Finding the topology of the network (routers, firewalls and servers, if
any) and host information, and drawing a network diagram from the available information.
This map may serve as a valuable piece of information throughout the hacking
process.

3. Gaining Access:
This phase is where an attacker breaks into the system/network using various tools or
methods. After entering a system, he has to escalate his privileges to administrator level
so he can install the applications he needs, or modify or hide data.

4. Maintaining Access:
A hacker may hack the system just to show it was vulnerable, or he may be so mischievous that
he wants to maintain or persist the connection in the background without the user's
knowledge. This can be done using Trojans, rootkits or other malicious files. The aim is to
maintain access to the target until he finishes the tasks he planned to accomplish on that
target.

5. Clearing Tracks:
No thief wants to get caught. An intelligent hacker always clears all evidence so that, at a
later point in time, no one will find any traces leading to him. This involves
modifying/corrupting/deleting log entries, modifying registry values, uninstalling
all the applications he used and deleting all the folders he created.

 What is the difference between tracepath and traceroute, or are they the same?
Tracepath is very similar to traceroute but uses UDP instead of ICMP packets and requires
fewer user privileges to execute. However, it is also less flexible than traceroute because it
doesn't allow users to specify the protocol used to transfer data packets.
