VAPT General Questions
Dynamic scan
- Nessus
- Burp Suite
SAST / DAST
White box testing / black box testing
Questions
1. How to classify vulnerability in high, medium, low
• Common Vulnerability Scoring System (CVSS)
2. Cryptographic Failures:
• Vulnerability: Incorrect implementation or usage of cryptographic functions.
• Example: Storing passwords without proper hashing; using weak algorithms.
• Remediation: Using strong, up-to-date cryptographic algorithms. Regularly update
cryptographic libraries and follow best practices for key management and
encryption.
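The password-storage case in the example above, shown as code. This is an added illustration, not code from the original notes: the weak form is an unsalted fast hash (MD5), the hardened form uses Python's standard-library PBKDF2-HMAC-SHA256 with a random per-user salt, an iteration count stored alongside the hash so it can be raised later, and a constant-time comparison. The iteration count is an assumption to be tuned per deployment, and the passwords are constructed sample values.

```python
import hashlib
import hmac
import os

# Assumption: iteration count tuned so one verification costs on the order of
# 100 ms on the deployment hardware; raise it as hardware gets faster.
ITERATIONS = 600_000


def weak_store(password):
    """Cryptographic failure: unsalted, fast hash.
    Identical passwords produce identical digests, so one cracked digest
    reveals every user with that password, and precomputed tables apply directly."""
    return hashlib.md5(password.encode()).hexdigest()


def hardened_store(password, iterations=ITERATIONS):
    """Salted, slow key derivation. The record is self-describing so the
    algorithm and cost can be upgraded without invalidating existing hashes."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def hardened_verify(password, record):
    """Recompute with the stored salt and cost, compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    print("weak, same digest twice:", weak_store("hunter2") == weak_store("hunter2"))
    a, b = hardened_store("hunter2"), hardened_store("hunter2")
    print("hardened, digests differ:", a != b, "verify:", hardened_verify("hunter2", a))
```

A password hash is the one place where a slow algorithm is the goal; the iteration count is the knob that keeps offline guessing expensive as hardware improves.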
3. Injection:
• Vulnerability: Untrusted data is sent to an interpreter as part of a command or query and changes what it executes, leading to code execution.
• Example: SQL Injection - an attacker alters SQL queries through user inputs.
• Remediation: input sanitization and validation
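The SQL Injection example above, as an added demonstration that is not part of the original notes. It builds a small in-memory SQLite table (constructed sample data), shows the vulnerable lookup that concatenates user input into the query next to the hardened lookup that binds the input as a parameter, and adds an allow-list validator as the second layer the remediation bullet refers to.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: three users in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the input becomes part of the SQL text, so a quote in the
    input ends the string literal and the rest is parsed as SQL."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Hardened: the query structure is fixed; the driver passes the value
    separately, so it can never be interpreted as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def validate_username(username):
    """Allow-list validation (defence in depth). It rejects anything outside
    the expected character set but is not a substitute for parameterization."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", username) is not None


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"          # classic input that alters the WHERE clause
    print("vulnerable returns", len(lookup_vulnerable(db, hostile)), "rows")
    print("parameterized returns", len(lookup_parameterized(db, hostile)), "rows")
```

Sanitization that tries to strip or escape dangerous characters is fragile because the set of dangerous characters depends on the database and context; parameterized queries remove the problem by design, and validation then serves to reject obviously malformed input early.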
4. Insecure Design:
• Vulnerability: Flawed architectural choices leading to security vulnerabilities.
• Example: Allowing direct database access from the client-side.
• Remediation: Implement a secure architecture, including proper data flow and access
controls. Conduct security design reviews and adhere to secure coding principles.
Regularly update and patch systems for any architectural vulnerabilities.
5. Security Misconfigurations:
• Vulnerability: Poorly configured security settings.
• Example: Default accounts/passwords, unnecessary services running.
• Remediation: Regularly audit and review configurations, follow security best practices.
Protocols
Small Concepts
Casting
• Unicast: single user to a single user
• Multicast: single user to multiple users
• Broadcast: single user to all users in that network
DNS
• Domain Name System - maps a domain name to its corresponding IP address
VPN
• Virtual private network: a connection between a VPN server and a VPN client that
creates a point-to-point tunnel which encrypts your personal data and masks
your IP address.
CIA
o Confidentiality
o Integrity
o Authenticity
Non-Repudiation
SAFER
o Secure and Fast Encryption Routine (SAFER) is a block cipher. It has a 64-bit block
size and is a byte-oriented algorithm.
o SAFER's encryption and decryption procedures are highly secure. This technology
is used widely in applications such as digital payment cards.
How it works
three-way handshake
It is the process that happens in a TCP/IP network when a connection is made between a
local host and a server. It is a three-step process that negotiates the synchronization and
acknowledgment of packets before communication starts.
Step 1: The client opens the connection by sending a SYN to the server.
Step 2: The server replies with a SYN-ACK, acknowledging the client's SYN.
Step 3: The client sends an ACK for the server's SYN; the connection is established.
Firewall
o A firewall is software, hardware, or a combination of both, installed between an internal
network and the rest of the network.
o It tracks and controls network communication packets, deciding whether each packet is
accepted, denied, or dropped.
o Types of firewall based on location
Host based and Network based
A host-based firewall is installed on an individual computer to protect it from
activity occurring on its network.
A network-based firewall is implemented at a specified point in the network
path and protects all computers on the "internal" side of the firewall from all
computers on the "external" side of the firewall.
o Based on state
Stateless and Stateful
Stateless firewalls use a data packet's source, destination, and other header
parameters to decide whether the packet is a threat or not, judging each packet on its own.
Stateful firewalls also keep a historical record of traffic (source and destination IP
addresses, port numbers, and other header information) and so can make more
complex decisions based on the connection a packet belongs to.
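The three-way handshake and the stateless/stateful distinction above fit together: the handshake is exactly the "historical record" a stateful firewall keeps. The simulation below is an added example, not part of the original notes. It constructs the three handshake packets (client SYN, server SYN-ACK, client ACK with matching sequence numbers), runs them through a stateless rule set that approximates return traffic by "ACK bit set", and through a stateful filter that only admits inbound packets belonging to a connection the inside opened. Addresses, ports and sequence numbers are constructed sample values.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."   # assumption: the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}
    seq: int
    ack: int = 0


def is_outbound(pkt):
    return pkt.src.startswith(INTERNAL_PREFIX)


def stateless_allow(pkt):
    """Stateless filter: decides on header fields of this packet alone.
    Return traffic is approximated as 'ACK bit set', the classic ACL trick,
    which means any forged inbound packet with ACK set is let through."""
    if is_outbound(pkt):
        return True
    return "ACK" in pkt.flags


class StatefulFilter:
    """Tracks each flow through the handshake: SYN_SENT -> SYN_RECEIVED -> ESTABLISHED.
    Inbound packets are admitted only if they match a flow the inside started
    and carry the sequence/acknowledgment numbers that flow expects."""

    def __init__(self):
        self.flows = {}   # (client, cport, server, sport) -> {"state", "client_seq", "server_seq"}

    def allow(self, pkt):
        if is_outbound(pkt):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            flow = self.flows.get(key)
            if flow is None and pkt.flags == {"SYN"}:                       # Step 1: SYN
                self.flows[key] = {"state": "SYN_SENT", "client_seq": pkt.seq}
                return True
            if (flow and flow["state"] == "SYN_RECEIVED" and pkt.flags == {"ACK"}
                    and pkt.ack == flow["server_seq"] + 1):                 # Step 3: ACK
                flow["state"] = "ESTABLISHED"
                return True
            return bool(flow) and flow["state"] == "ESTABLISHED"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        flow = self.flows.get(key)
        if flow is None:
            return False                                                    # unsolicited inbound, any flags
        if (flow["state"] == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}
                and pkt.ack == flow["client_seq"] + 1):                     # Step 2: SYN-ACK
            flow["state"] = "SYN_RECEIVED"
            flow["server_seq"] = pkt.seq
            return True
        return flow["state"] == "ESTABLISHED"

    def state_of(self, client, cport, server, sport):
        flow = self.flows.get((client, cport, server, sport))
        return flow["state"] if flow else None


def handshake_packets(client="10.0.0.10", server="203.0.113.5", cport=51000, sport=443,
                      x=1000, y=5000):
    """Constructed sample traffic: the three handshake messages with client ISN x, server ISN y."""
    return [
        Packet(client, cport, server, sport, frozenset({"SYN"}), seq=x),
        Packet(server, sport, client, cport, frozenset({"SYN", "ACK"}), seq=y, ack=x + 1),
        Packet(client, cport, server, sport, frozenset({"ACK"}), seq=x + 1, ack=y + 1),
    ]


def run(filter_fn, packets):
    """Apply a filter to packets in order and return the per-packet decisions."""
    return [filter_fn(p) for p in packets]


if __name__ == "__main__":
    sf = StatefulFilter()
    print("handshake via stateful filter:", run(sf.allow, handshake_packets()))
    stray = Packet("203.0.113.5", 443, "10.0.0.10", 51001, frozenset({"ACK"}), seq=1, ack=1)
    print("unsolicited ACK: stateless", stateless_allow(stray), "stateful", StatefulFilter().allow(stray))
```

The unsolicited ACK case is the practical difference between the two designs: the stateless filter cannot tell a reply from a probe that merely sets the ACK bit, while the stateful filter has no matching flow and drops it. Real implementations also age flows out, handle RST/FIN teardown and validate sequence windows, which this sketch omits.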
Steps In Hacking
1. Reconnaissance:
This is the first step of hacking. It is also called the Footprinting or information-gathering
phase. This is the preparatory phase, where we collect as much information as possible
about the target. We usually collect information about three groups:
1. Network
2. Host
3. People involved
There are two types of Footprinting:
Active: Directly interacting with the target to gather information about it, e.g.
using the Nmap tool to scan the target.
Passive: Collecting information about the target without directly accessing
the target. This involves collecting information from social media, public websites,
etc.
2. Scanning:
Three types of scanning are involved:
Port scanning: Scanning the target for information such as open ports, live systems,
and the services running on the host.
Vulnerability scanning: Checking the target for weaknesses or vulnerabilities that
could be exploited. Usually done with the help of automated tools.
Network mapping: Finding the topology of the network (routers, firewalls, servers, if any)
and host information, and drawing a network diagram from the available information.
This map may serve as a valuable piece of information throughout the hacking
process.
3. Gaining Access:
This phase is where an attacker breaks into the system/network using various tools or
methods. After entering a system, he has to raise his privileges to administrator level
so he can install the applications he needs, modify data, or hide data.
4. Maintaining Access:
A hacker may hack a system just to show it was vulnerable, or he may be mischievous enough to
want to maintain or persist the connection in the background without the knowledge of
the user. This can be done using Trojans, rootkits or other malicious files. The aim is to
maintain access to the target until he finishes the tasks he planned to accomplish on that
target.
5. Clearing Tracks:
No thief wants to get caught. An intelligent hacker always clears all evidence so that, at a
later point in time, no one will find any traces leading to him. This involves
modifying/corrupting/deleting log entries, modifying registry values, uninstalling
all applications he used, and deleting all folders he created.
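The defensive answer to track-clearing is to make the log record tamper-evident and to keep a copy the attacker cannot reach. The code below is an added example, not part of the original notes: each log entry carries the SHA-256 hash of the previous entry, so editing, deleting or reordering an entry breaks the chain, and a final "anchor" hash stored off-host (a remote collector or write-once store, assumed here as a value handed in) detects truncation of the tail, which a chain by itself cannot. The events are constructed sample records.

```python
import hashlib
import json

GENESIS = "0" * 64   # fixed starting hash for an empty chain


def _entry_hash(prev_hash, record):
    """Hash of the previous entry's hash plus a canonical encoding of this record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + b"\n" + payload).hexdigest()


def append(chain, record):
    """Append a log record, linking it to the hash of the entry before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": _entry_hash(prev, record)})
    return chain


def verify(chain):
    """Walk the chain from GENESIS. Returns (True, None) if intact, otherwise
    (False, index) of the first entry whose link or hash does not check out."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != _entry_hash(prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    return True, None


def verify_against_anchor(chain, anchor_hash):
    """Chain integrity plus a check that the tail matches a hash kept off-host;
    this is what catches an attacker who simply deletes the most recent entries."""
    ok, _ = verify(chain)
    return ok and bool(chain) and chain[-1]["hash"] == anchor_hash


def sample_chain():
    """Constructed sample events, not real system logs."""
    chain = []
    for rec in [
        {"ts": "2024-05-01T10:00:00", "event": "login", "user": "alice", "result": "ok"},
        {"ts": "2024-05-01T10:02:13", "event": "sudo", "user": "alice", "cmd": "id"},
        {"ts": "2024-05-01T10:02:40", "event": "login", "user": "bob", "result": "fail"},
    ]:
        append(chain, rec)
    return chain


if __name__ == "__main__":
    chain = sample_chain()
    anchor = chain[-1]["hash"]          # would be shipped to the remote store
    print("intact:", verify(chain))
    chain[1]["record"]["cmd"] = "ls"    # simulate an edited log line
    print("after edit:", verify(chain))
```

The chain only proves that what you hold is what was written; it does not stop an attacker with write access from rewriting everything and recomputing the hashes. That is why the anchor (or the whole stream) has to live on a host the attacker has not compromised, and why forwarding logs in near real time matters more than any local protection.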