Cyber Security And Digital Forensics
1) Why is Web Application Security Important?
Web application security is crucial because it protects
sensitive data, user privacy, and the website's integrity.
Without security, hackers could steal information, disrupt
services, or damage a business's reputation. Securing web
applications helps prevent data breaches, fraud, and service
outages.
2) “Making the website HTTPS would make it secure” —
Share Your Comments on This
HTTPS is a necessary baseline, not a complete defence. TLS
encrypts and authenticates the connection between the browser
and the server, so an attacker on the network cannot read or
tamper with traffic in transit, and the certificate tells the
browser it is talking to the right host. It says nothing about
what the server does with a request once it arrives: SQL
injection, cross-site scripting (XSS), broken access control
and weak authentication work just as well over HTTPS. HTTPS
also has to be deployed correctly (valid certificate, no mixed
content, HSTS so the browser never falls back to HTTP). Treat
it as one layer among several.
3) What Are Cookies? What Security Threat Do They Pose?
Cookies are small name=value pairs a website sets in the user's
browser (via the Set-Cookie header) and the browser sends back
on later requests. They carry session identifiers, preferences
and login state. The main threat is session hijacking: whoever
holds the session cookie is, to the server, that user. Cookies
leak through XSS (script reading document.cookie), through
plain-HTTP connections, and they are attached automatically to
cross-site requests (the basis of CSRF). Mitigations are the
cookie attributes HttpOnly (no script access), Secure (HTTPS
only) and SameSite (not sent on cross-site requests), plus short
lifetimes and rotating the session ID after login.
4) What Is SQL Injection Attack? What Are Its Types?
An SQL injection attack occurs when attacker-controlled input
(a search box, login form, URL parameter, header) is
concatenated into a SQL statement, so the attacker's text is
parsed as SQL rather than treated as a value. Common types:
Error-Based SQL Injection: Provokes database error messages
that leak table names, column types or data.
Union-Based SQL Injection: Appends a UNION SELECT so rows from
other columns or tables are returned alongside the page's
normal results.
Blind SQL Injection: No data is echoed; the attacker infers it
one bit at a time from differences in the response
(boolean-based) or from induced delays (time-based).
5) What Are the Ways to Prevent SQL Injection?
Ways to prevent SQL injection include:
Using Parameterized Queries (Prepared Statements): The statement
text is fixed and values are bound separately, so input can only
ever be data, never code. This is the primary defence.
Input Validation: Allowlist what each field may contain. It is
essential where parameters cannot be used, such as a user-chosen
column or table name.
Using ORM Tools: Frameworks like Hibernate generate parameterized
SQL, but raw query strings built inside the ORM are still
injectable.
Stored Procedures: Safe only if the procedure itself does not
build dynamic SQL from its arguments.
Least Privilege: Run the application with a database account that
cannot read or alter tables it does not need, which limits the
damage when a flaw is missed.
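The following Python script is an added example, not part of the original notes. It builds an in-memory SQLite database with one constructed user row and contrasts a string-built login query (the login-form case from Q4) with a parameterized one, then shows the union-based variant against a search box and the allowlist approach for an identifier that cannot be bound as a parameter. The table, user, payloads and allowed column names are all constructed for the demo.

```python
import sqlite3

def make_db():
    """Constructed demo data: one user with a plaintext password. Real systems
    store password hashes; the point here is the query, not the credential."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # VULNERABLE: user-controlled text is spliced into the SQL statement, so
    # quotes and keywords typed by the attacker change the query's meaning.
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None

def login_safe(conn, username, password):
    # Parameterized: the statement text is fixed; the driver passes the values
    # separately, so they can only ever be compared as data.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def search_vulnerable(conn, term):
    # Same flaw in a search box: a UNION lets the attacker append rows from
    # columns or tables the page was never meant to show (union-based SQLi).
    sql = f"SELECT username FROM users WHERE username LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, term):
    sql = "SELECT username FROM users WHERE username LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]

# Placeholders bind values, not identifiers. For a user-chosen sort column the
# fix is an allowlist (the input-validation item from Q5).
ALLOWED_SORT_COLUMNS = {"id", "username"}

def list_users_sorted(conn, column):
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    return [row[0] for row in conn.execute(f"SELECT username FROM users ORDER BY {column}")]

# Constructed attacker inputs.
LOGIN_BYPASS = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT password FROM users --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed:", login_vulnerable(db, LOGIN_BYPASS, LOGIN_BYPASS))  # True
    print("parameterized login bypassed:", login_safe(db, LOGIN_BYPASS, LOGIN_BYPASS))     # False
    print("vulnerable search returns:", search_vulnerable(db, UNION_DUMP))  # includes 'correct horse'
    print("parameterized search returns:", search_safe(db, UNION_DUMP))     # []
```

Run it and compare the two login results: the bypass payload turns the WHERE clause into `username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, while the parameterized version simply looks for a user literally named `' OR '1'='1`. Error-based and blind variants use the same entry point; they differ only in how the attacker reads the result back.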
6) What Is XSS Attack? What Are Its Types?
Cross-Site Scripting (XSS) occurs when attacker-supplied text
ends up in a page as HTML or JavaScript, so the browser runs it
in the victim's session. Types include:
Stored XSS: The payload is saved on the server (a comment, a
profile field) and served to every user who views that page.
Reflected XSS: The payload arrives in the request (e.g., a URL
parameter) and is echoed straight back in the response, so the
victim must be lured into opening a crafted link.
DOM-Based XSS: Client-side JavaScript reads attacker-controlled
data (location.hash, a query parameter) and writes it into the
page with innerHTML or similar; the server never sees the
payload.
7) What Are the Ways to Prevent XSS Attacks?
To prevent XSS attacks:
Output Encoding: Encode untrusted data for the exact context it
is written into (HTML body, attribute, URL, JavaScript string) so
the browser displays it as text. This is the primary defence.
Input Validation: Allowlist what each field may contain. It helps
but is not sufficient alone, because characters like < and ' are
often legitimate input.
Use Content Security Policy (CSP): Restrict where scripts may be
loaded from; a nonce- or hash-based policy also blocks the inline
scripts and event handlers an injection relies on.
Avoid Inline JavaScript: Keep scripts in separate files so a
strict CSP can be enforced, and in client-side code assign
untrusted data with textContent or setAttribute rather than
innerHTML to defeat DOM-based XSS.
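As an added example (not from the original notes), the Python below renders a user comment two ways: pasted raw into the HTML, and encoded for the HTML body context with the standard library's html.escape. It also shows attribute/URL context with a scheme allowlist and a per-response nonce-based CSP header. The attack string, page structure and function names are constructed for the demo.

```python
import html
import secrets

# Constructed attacker input: what a user might paste into a comment box.
ATTACK = '<img src=x onerror="alert(document.cookie)">'

def render_comment_unsafe(comment):
    # VULNERABLE: untrusted text is pasted straight into the HTML, so the
    # browser parses the attacker's tag and runs the onerror handler.
    return f'<p class="comment">{comment}</p>'

def render_comment(comment):
    # Output encoding for the HTML body context: & < > " ' become entities,
    # so the same bytes are displayed as text instead of parsed as markup.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'

def render_link(label, href):
    # Attribute + URL context: encode for the quoted attribute AND allowlist
    # the scheme, because encoding alone does not stop javascript: URLs.
    if not href.lower().startswith(("http://", "https://")):
        raise ValueError("unsupported URL scheme")
    return f'<a href="{html.escape(href, quote=True)}">{html.escape(label)}</a>'

def csp_header(nonce):
    # Nonce-based CSP: only <script> tags carrying this nonce may run; inline
    # event handlers (onerror=...) and injected <script> blocks are refused.
    return ("default-src 'self'; "
            f"script-src 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'")

def render_page(comment):
    """Return (headers, body) for a page showing one comment, defended by
    both output encoding and a fresh CSP nonce for this response."""
    nonce = secrets.token_urlsafe(16)
    headers = {"Content-Security-Policy": csp_header(nonce)}
    body = ("<!doctype html><html><body>"
            + render_comment(comment)
            + f'<script nonce="{nonce}">console.log("app loaded");</script>'
            + "</body></html>")
    return headers, body

if __name__ == "__main__":
    print(render_comment_unsafe(ATTACK))   # tag survives: exploitable
    print(render_comment(ATTACK))          # &lt;img ... : harmless text
    hdrs, page = render_page(ATTACK)
    print(hdrs["Content-Security-Policy"])
```

Encoding is chosen per context: the same html.escape output is wrong inside a JavaScript string or a URL, which is why template engines offer context-aware escaping. Server-side encoding does nothing for DOM-based XSS; there the fix lives in the client code that writes to the page.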
8) What Is CSRF? How to Prevent It?
Cross-Site Request Forgery (CSRF) is an attack where a malicious
site causes the victim's browser to send a state-changing request
(transfer money, change e-mail address) to a site where the
victim is logged in. The browser attaches the session cookie
automatically, so the server sees an authenticated request.
Prevention methods include:
CSRF Tokens: A secret, per-session (or per-request) value
embedded in the form and checked on submission. The attacker's
site cannot read it, so forged requests lack a valid token.
SameSite Cookies: The SameSite=Lax or Strict attribute stops the
browser from sending the session cookie on cross-site requests.
Lax still allows top-level GET navigations, so state changes must
never be performed via GET.
User Re-authentication: Require the password or a second factor
for sensitive actions.
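The following Python is an added example serving both Q3 (cookie attributes) and Q8 (CSRF tokens); it is not code from the original notes. It issues a session cookie with HttpOnly, Secure and SameSite set, derives a CSRF token bound to the session with an HMAC, and shows a handler rejecting a forged request that carries the cookie but no valid token. The server secret, session IDs and the request dictionaries standing in for a framework's request object are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Assumption: in production this key comes from a secret store and is shared
# by all server instances. It is generated here so the demo runs offline.
SERVER_SECRET = secrets.token_bytes(32)

def session_cookie_header(session_id):
    """Set-Cookie value for the session with the attributes from Q3:
    HttpOnly blocks document.cookie reads (theft via XSS), Secure keeps it
    off plain HTTP, SameSite=Lax stops the browser attaching it to
    cross-site POSTs (the CSRF vector)."""
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["httponly"] = True
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Lax"
    c["session"]["path"] = "/"
    return c.output(header="").strip()

def csrf_token(session_id):
    # Token bound to the session with an HMAC: nothing to store server-side,
    # and a token minted for the attacker's own session fails for the victim.
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def csrf_token_valid(session_id, submitted):
    # Constant-time comparison; a missing token is compared against "".
    return hmac.compare_digest(csrf_token(session_id), submitted or "")

def handle_transfer(request):
    """Server-side handler for a state-changing POST. request is a dict with
    'cookies' and 'form' (a constructed stand-in for a framework request).
    Returns (HTTP status, message)."""
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return 401, "not authenticated"
    if not csrf_token_valid(session_id, request.get("form", {}).get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {request['form'].get('amount')}"

if __name__ == "__main__":
    victim = "sess-alice-123"
    print(session_cookie_header(victim))
    good = {"cookies": {"session": victim},
            "form": {"csrf_token": csrf_token(victim), "amount": "100"}}
    forged = {"cookies": {"session": victim},     # browser attached the cookie...
              "form": {"amount": "100"}}           # ...but the attacker's page has no token
    swapped = {"cookies": {"session": victim},
               "form": {"csrf_token": csrf_token("sess-mallory"), "amount": "100"}}
    for name, req in [("legitimate", good), ("forged", forged), ("swapped token", swapped)]:
        print(name, handle_transfer(req))   # 200, 403, 403
```

The token must be delivered in a way the attacker's origin cannot read (a hidden form field or a header set by the page's own script), never in a cookie alone, and the SameSite attribute is defence in depth rather than a replacement for the token check.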
9) What Are the Top 5 Web Application Vulnerabilities You
Know?
Some common vulnerabilities are:
1. SQL Injection: Manipulates database queries through SQL
fragments smuggled in user input.
2. XSS (Cross-Site Scripting): Injects scripts that run in other
users' browsers.
3. CSRF (Cross-Site Request Forgery): Tricks a logged-in user's
browser into performing unintended actions.
4. Insecure Direct Object References (a form of broken access
control): The application fetches a resource by a user-supplied
identifier (e.g., /invoice?id=1234) without checking that the
requester is authorised to see it.
5. Insecure Authentication: Weak password policies, missing
brute-force protection or predictable session IDs that allow
unauthorized access.
10) Explain Any Case Wherein You Found a Critical Web
Application Vulnerability and Provided a Solution
One example of a critical vulnerability is SQL injection on a
login page. By entering SQL fragments such as ' OR '1'='1 in the
username or password field, an attacker could bypass
authentication or read other users' data. The fix was to replace
the string-built query with a parameterized query and to add
input validation, so every field is bound as data and can no
longer change the statement, then to confirm the fix by replaying
the original payloads against the patched page.
11) How Would You Mitigate Vulnerabilities in a Legacy
Application Where Much Code Change Is Not Feasible?
For legacy applications, where changing code is difficult,
consider:
WAF (Web Application Firewall): Blocks known attack patterns in
front of the app and can carry a "virtual patch" for a specific
flaw until the code is fixed; tune it in monitoring mode first so
it does not block legitimate traffic.
Access Controls: Restrict who can reach sensitive parts, for
example by placing admin interfaces behind a VPN or IP allowlist.
Input Filtering: Validate or filter inputs at a reverse proxy or
API gateway to blunt injection attacks before they reach the app.
Regular Monitoring: Log requests and alert on unusual activity
that may indicate exploitation, since a legacy app is likely to
be targeted for exactly the flaws that cannot be fixed quickly.
12) What Tools Do You Use for Performing Web Application
Security Testing?
Some popular security testing tools include:
OWASP ZAP: Free intercepting proxy and scanner that finds common
vulnerabilities like XSS and SQL injection.
Burp Suite: Intercepting proxy for manual request manipulation,
with a scanner, repeater and intruder for automated probing.
Nmap: Scans the host for open ports and services to map the
attack surface around the web application.
Nikto: Web server scanner that checks for outdated software,
dangerous files and common misconfigurations.
13) How Do You Test Security for Web Services?
For web services (REST/SOAP API) security testing:
Authentication and Authorization: Check that every endpoint
requires valid credentials, and try one user's token against
another user's resources to find authorization gaps.
Input Validation: Test every parameter, header and body field for
injection (SQL, command, XML/JSON) and for oversized or malformed
input.
Data Encryption: Ensure TLS is enforced and sensitive fields are
not leaked in responses, logs or error messages.
Use Tools: Postman or Burp Suite to craft and replay requests,
fuzz parameters and inspect responses.
14) What Is the Difference Between White Box and Black Box
Testing?
White Box Testing: Testers have access to the internal code
and structure of the application.
Black Box Testing: Testers only know the input and output,
focusing on functionality without seeing the code.
15) Explain Cyber-Attacks and Cyber Extortion
Cyber-Attacks: Unauthorized attempts to access, damage, or
steal data from computer systems.
Cyber Extortion: When attackers hold data or systems
hostage (often with ransomware) and demand money to
release it.
16) What Are the Main Challenges in Computer Forensics?
Key challenges include:
Data Volume: Huge amounts of data make analysis slow.
Encryption: Decrypting data can be difficult.
Legal Issues: Data privacy laws vary by region.
Evolving Technology: New technologies constantly change
how evidence is stored or accessed.
17) What Are the Different Layers of the OSI Model?
The OSI Model has seven layers:
1. Physical: Hardware connections (e.g., cables).
2. Data Link: MAC addresses and switches.
3. Network: IP addresses and routing.
4. Transport: Reliable data delivery (e.g., TCP).
5. Session: Manages connections between devices.
6. Presentation: Data translation (e.g., encryption).
7. Application: End-user applications like web browsers.
18) What Is a VPN?
A VPN (Virtual Private Network) creates an encrypted tunnel over
the internet between the user's device and a VPN server (or
between two networks), so traffic cannot be read or altered on
the path. Sites the user visits see the VPN server's IP address
rather than the user's, but the VPN provider itself still sees
the traffic endpoints, so a VPN shifts trust rather than
removing it.
19) What Do You Understand About Risk, Vulnerability, and
Threat in a Network?
Risk: The likelihood that a threat exploits a vulnerability,
combined with the impact if it does (e.g., a hacker stealing
customer data). Risk is what is actually prioritised and treated.
Vulnerability: A weakness in a system that a threat can exploit
(e.g., outdated software, a missing access check).
Threat: Anything that can cause harm to a system (e.g., malware,
an external attacker, a careless insider).
20) How Can Identity Theft Be Prevented?
Identity theft prevention includes:
Using Strong Passwords: Avoid easy-to-guess passwords.
Enabling Multi-Factor Authentication: Adds extra security.
Monitoring Financial Accounts: Check for unusual
transactions.
Avoiding Phishing Scams: Be cautious of suspicious emails
and links.
21) What Are Black Hat, White Hat, and Grey Hat Hackers?
Black Hat Hackers: Hack for malicious reasons, like stealing
data.
White Hat Hackers: Hack legally to find and fix security
issues.
Grey Hat Hackers: Hack without permission, usually without
malicious intent (e.g., to report the flaw afterwards), but still
outside the law.
22) How Often Should You Perform Patch Management?
Patch management should be a continuous process, not a one-off.
Critical patches (actively exploited or internet-facing flaws)
should be applied as soon as they are tested, typically within
days; routine patches can follow a regular cycle such as monthly.
Track vendor advisories so the schedule is driven by risk, not
only by the calendar.
Software Testing & Quality Assurance
1. What are the different methods of testing?
There are two main methods of testing software:
Manual Testing: A tester manually checks the software for
errors by following a set of instructions.
Automation Testing: Testing tools and scripts automatically
perform tests. It’s faster and more efficient for repetitive
tests.
2. What are the different levels of testing?
There are four main levels of testing to ensure software
quality:
Unit Testing: Tests individual parts or “units” of the software,
like functions or modules.
Integration Testing: Checks if different units work well
together.
System Testing: Tests the entire software to see if everything
works as expected.
Acceptance Testing: Ensures the software meets user
requirements and is ready for release.
3. Explain Bug Life Cycle or Defect Life Cycle.
The Bug Life Cycle shows the journey of a bug from when it’s
found to when it's fixed:
1. New: A bug is identified.
2. Assigned: The bug is given to a developer to fix.
3. Open: The developer starts working on it.
4. Fixed: The developer resolves the issue.
5. Retest: The tester checks if it's truly fixed.
6. Closed: The bug is fixed and doesn’t reappear.
7. Reopened: If the bug reappears, it’s reopened and the
process repeats.
4. What is a test case?
A test case is a set of actions, conditions, and expected
results used to check if a software feature is working
correctly. It includes:
Steps to follow
Input data
Expected output
Test cases help ensure the software performs as intended.
5. What is the difference between functional and non-functional testing?
Functional Testing: Checks if the software features work
correctly, like logging in or placing an order.
Non-Functional Testing: Tests aspects like speed, usability,
and security. It focuses on how the software performs rather
than what it does.
6. What is Verification and Validation in Software Testing?
Verification: Ensures the software is built correctly according
to design and requirements. It checks if the development is
on the right track.
Validation: Checks if the software meets the user’s needs
and requirements. It ensures the right product is built.
In short, verification asks, “Are we building it right?” and
validation asks, “Did we build the right thing?”
7. What is usability testing?
Usability Testing checks how easy and user-friendly the
software is. Testers observe real users as they interact with
the software to see if they can use it without problems. It
helps identify issues like confusing navigation or hard-to-
read text.
8. What are the categories of defects?
Defects (or bugs) are often grouped into categories based on
severity or type:
Critical Defects: Serious issues that can cause crashes or
prevent basic functions.
Major Defects: Impact important features but don’t cause
complete failure.
Minor Defects: Small issues, like typos, that don't affect
functionality.
Cosmetic Defects: Mostly affect the appearance and don't
impact function, like color mismatches.
9. What are the benefits of Automation testing?
Benefits of automation testing include:
Faster Testing: Automation runs tests quickly, especially for
repetitive tasks.
Improved Accuracy: Reduces human error by following the
same steps each time.
Reusability: Automation scripts can be reused for similar
tests.
Better Coverage: Allows testing more parts of the software in
less time.
Cost-Effective Over Time: Saves time and money in the long
run.
10. Why is Selenium a preferred tool for Automation testing?
Selenium is a popular tool for web application testing
because:
Open Source: It's free to use.
Multi-Browser Support: Works on most major browsers
(Chrome, Firefox, etc.).
Supports Multiple Languages: Works with programming
languages like Java, Python, and C#.
Large Community Support: Many resources are available,
making it easier to learn and get help.
Flexible and Scalable: Integrates with other tools and can be
scaled to handle large test suites.
Selenium is versatile and widely supported, which makes it a
preferred choice for automating web testing.
11. What are the various components of Selenium?
Selenium has four main components:
Selenium IDE: A tool for recording and replaying tests.
Selenium WebDriver: A tool for running tests on multiple
browsers by controlling browser actions.
Selenium Grid: Allows running tests on multiple machines
and browsers at once.
Selenium RC (Remote Control): An older tool for cross-
browser testing, now mostly replaced by WebDriver.
12. When should I use Selenium Grid?
Use Selenium Grid when you need to:
Run tests on multiple machines and browsers
simultaneously.
Save time by testing across different browser setups at once.
Test in a distributed environment where you need to run tests
on various systems.
13. How do I launch the browser using WebDriver?
To launch a browser in Selenium WebDriver, you create an instance
of the browser-specific driver, like ChromeDriver for Chrome
(Selenium 4.6 and later locate a matching chromedriver
automatically):
from selenium import webdriver

driver = webdriver.Chrome()              # starts Chrome through chromedriver
driver.get("https://www.example.com")    # navigate to the URL
print(driver.title)                      # e.g. "Example Domain"
driver.quit()                            # close the browser and end the session
This opens Chrome, loads the specified URL, prints the page
title and closes the browser.
14. What's the relationship between environment reality and
test phases?
“Environment reality" means how close the test environment
is to the real production environment. Testing in a realistic
environment improves accuracy and helps identify issues
that might only appear in real-world conditions, making tests
more reliable and relevant to the actual users.
15. Should testing be done only after the build and execution
phases are complete?
No, testing can happen at various stages:
Unit Testing happens during development.
Integration Testing occurs as different parts are combined.
Early testing helps identify bugs sooner, saving time and
money compared to testing only at the end.
16. A defect which could have been removed during the
initial stage is removed in a later stage. How does this affect
the cost?
Fixing a defect later in development is more expensive than
fixing it early. The cost increases as the defect progresses
through design, development, and testing because it may
affect other parts of the system, requiring more changes and
re-testing.
17. On what basis can you arrive at an estimation for your
project?
Estimation can be based on:
Project Complexity: How complicated is the software?
Time and Resources Available: How much time and how
many people are available?
Requirements: The number and type of features to test.
Experience: How familiar the team is with similar projects.
18. Which test cases are written first: white boxes or black
boxes?
Usually, Black Box Test Cases are written first since they
focus on testing the application from the user's perspective.
White Box Test Cases, which look inside the code, are often
written later by developers or testers familiar with the code.
19. Which test cases can be automated?
You can automate test cases that are:
Repetitive: Run multiple times.
Stable: Don’t change frequently.
Time-Consuming: Take a long time to do manually.
Data-Driven: Require lots of data inputs.
20. On what basis can you map the success of Automation
testing?
The success of automation testing can be measured by:
Reduction in Testing Time: Faster completion of tests.
Improved Test Coverage: More tests can be run across
different scenarios.
Reduced Manual Effort: Less time spent on repetitive tasks.
Improved Accuracy: Fewer human errors in testing.
21. What is the difference between Selenium and Sikuli?
Selenium: Works on web applications, controlling browsers
directly.
Sikuli: Uses image recognition, so it can automate tasks on
any application by identifying screen images (useful for
desktop apps).
22. Mention the different types of software testing?
Types of software testing include:
Functional Testing: Tests if features work as expected.
Non-Functional Testing: Checks performance, security, and
usability.
Unit Testing: Tests individual units of code.
Integration Testing: Ensures components work together.
System Testing: Checks the whole system's functionality.
Acceptance Testing: Confirms the system meets user
requirements.
23. What are the contents of test plans and test cases?
Test Plan includes the testing scope, approach, resources,
and schedule.
Test Case includes test steps, input data, expected results,
and actual results, guiding the tester on how to test specific
features.
24. What is Agile testing and what is the importance of Agile
testing?
Agile Testing is a testing approach that follows Agile
principles. It involves continuous testing throughout
development, allowing for quick feedback and adjustments.
Agile testing is important because it:
Allows early detection of bugs.
Adapts to changes quickly.
Ensures the product evolves based on user feedback.
Promotes teamwork and collaboration among developers
and testers.
25. What is the strategy for an Automation Test Plan?
An Automation Test Plan outlines how automated tests will
be created, executed, and maintained. It includes:
Scope of Automation: Which test cases to automate.
Test Tools: Selection of tools like Selenium or JUnit.
Framework Design: How tests are structured (e.g., data-
driven, keyword-driven).
Execution Strategy: When and how often tests run.
Roles and Responsibilities: Defines who handles automation
tasks.
Reporting: How results are documented and shared.
26. What are the tools used by a tester while testing?
Some popular testing tools are:
Automation Tools: Selenium, JUnit, QTP.
Bug Tracking Tools: JIRA, Bugzilla.
Performance Testing Tools: LoadRunner, JMeter.
Code Analysis Tools: SonarQube.
Continuous Integration Tools: Jenkins, GitLab CI.
27. Explain stress testing, load testing, and volume testing.
Stress Testing: Tests how the system handles extreme
conditions or peak loads.
Load Testing: Checks how the system performs under
expected user load.
Volume Testing: Examines how the system handles large
amounts of data over time.
28. What are the five common solutions for software
development problems?
Common solutions include:
1. Clear Requirements: Ensure well-defined requirements.
2. Effective Communication: Keep all team members aligned.
3. Proper Testing: Test continuously to find and fix issues
early.
4. Use of Automation: Automate repetitive tasks to save time.
5. Documentation: Maintain detailed records for consistency.
29. What is a Use Case and what does it include?
A Use Case describes a way a user interacts with the
software to achieve a goal. It includes:
Actors: People or systems involved.
Steps: Actions the user takes.
Expected Result: The outcome if all steps succeed.
30. List out the roles of a Software Quality Assurance
engineer.
Roles include:
Writing and executing test cases.
Finding and reporting bugs.
Reviewing requirements and design documents.
Assisting in automation testing.
Ensuring software meets quality standards.
31. List out various tools required to support testing during
development of the application.
Common tools are:
Project Management: JIRA, Asana.
Test Management: TestRail, QTest.
Automation: Selenium, QTP.
Performance: JMeter, LoadRunner.
Version Control: Git, SVN.
32. Explain what is a traceability matrix.
A Traceability Matrix maps requirements to test cases. It
shows which test cases cover which requirements, helping
ensure all requirements are tested.
33. Explain the difference between Regression testing and
Retesting.
Regression Testing: Checks if new changes caused issues in
previously working features.
Retesting: Verifies if a specific bug has been fixed by running
the failed test case again.
34. List out the software quality practices throughout the
software development cycle.
Key practices include:
Requirements review.
Code reviews and peer programming.
Continuous testing (unit, integration, system).
Test automation.
Performance testing.
Regular feedback loops.
35. Mention what are the types of documents in SQA
(Software Quality Assurance).
SQA documents include:
Test Plan: Details testing strategy.
Test Cases: Steps for testing features.
Bug Reports: Logs of issues found.
Traceability Matrix: Links requirements to tests.
Release Notes: Information about the release version.
36. Explain what should your QA documents include.
QA documents should include:
Test Objectives: What the testing aims to achieve.
Test Cases: Steps to test features.
Bug Reports: Descriptions of issues found.
Traceability Matrix: Links requirements to test cases.
37. Mention how validation activities should be conducted.
Validation activities should be done through:
Test Execution: Running test cases to check if the product
meets requirements.
User Acceptance Testing (UAT): Ensures end users are
satisfied.
Review and Feedback: Collect feedback from stakeholders to
confirm quality.
38. What is SDLC?
The Software Development Life Cycle (SDLC) is a process
used to plan, develop, test, and deploy software. Common
stages include:
1. Requirement gathering.
2. Design.
3. Development.
4. Testing.
5. Deployment.
6. Maintenance.
39. What are the best practices for writing test cases?
Best practices include:
Use simple and clear language.
Cover all user scenarios.
Include expected results.
Prioritize reusable and maintainable test cases.
Update test cases regularly.
40. What are the different test levels?
Test levels include:
Unit Testing: Tests individual components.
Integration Testing: Tests combined components.
System Testing: Checks the entire system.
Acceptance Testing: Ensures the system meets
requirements.
41. What is the Bug/Defect Life Cycle?
The Bug Life Cycle describes a bug's journey:
1. New: Bug identified.
2. Assigned: Given to a developer.
3. Open: Developer works on it.
4. Fixed: Issue resolved.
5. Retest: Tester checks if it’s fixed.
6. Closed: Bug is resolved or “Reopened” if not fixed.
42. What is Verification?
Verification checks if the software is built according to
specifications. It focuses on reviews and inspections rather
than running code.
43. What is Grey Box Testing?
Grey Box Testing combines White Box (code-based) and
Black Box (user-focused) testing. Testers partially
understand the code but focus mainly on user interactions.
44. What is Verification and Validation in Software Testing?
Verification: Ensures software is built correctly according to
requirements.
Validation: Ensures the product meets the user's needs and
works as expected.
45. How is validation different from verification?
Verification checks if the software is built right (meets
specifications).
Validation checks if the right software is built (meets user
needs).
46. What are exit criteria in Software Testing?
Exit criteria are the conditions that must be met before
testing is considered complete. These criteria ensure that
the software is ready for release. Common exit criteria
include:
All critical test cases are passed.
No high-severity bugs remain.
Test coverage goals are achieved.
Acceptance testing is complete.
Required documentation is in place.
47. What are the various methods of Testing?
There are two primary methods of testing:
Manual Testing: Testers execute test cases manually without
using tools.
Automation Testing: Testers use automation tools to run
tests repeatedly and efficiently. Other methods include
exploratory testing, which relies on the tester’s skills and
intuition, and scripted testing, which follows a specific set of
instructions.
48. What is Acceptance Testing?
Acceptance Testing is the final level of testing before
release. It ensures the software meets the user requirements
and works as expected in real-world scenarios. Types of
acceptance testing include:
User Acceptance Testing (UAT): Done by end users.
Operational Acceptance Testing: Ensures the system can be
deployed and managed.
49. What is the difference between SDLC and STLC?
SDLC (Software Development Life Cycle): Covers the entire
process of software development from requirements
gathering to maintenance.
STLC (Software Testing Life Cycle): Focuses only on testing
stages, including planning, designing, executing, and closing
tests.
In short, SDLC involves the entire development process,
while STLC is specifically about testing.
50. What are the common scenarios where automated
Testing is better than manual Testing?
Automation is better for:
Repetitive Tests: Like regression tests, which need to run
frequently.
Large Test Suites: Many test cases need to be run together.
Data-Driven Testing: Testing with multiple data sets.
Performance Testing: Testing speed, load, and stress.
Tests on Multiple Platforms: Running the same tests across
browsers or devices.
51. What is Unit Testing?
Unit Testing is the process of testing individual parts of the
software, like functions or modules, to ensure they work as
expected. It's often the first test type in the development
cycle and is typically done by developers using code-based
testing tools.
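As an added example, not part of the original notes: a unit test module written with Python's built-in unittest for a small, constructed password-policy function. It shows the boundary-value and data-driven (subTest) patterns that Q19 and Q50 describe as good automation candidates, and run_suite() returns the result object so the outcome can be checked programmatically rather than only read off the console. The policy itself (12+ characters, upper case, lower case, a digit, no surrounding whitespace) is an assumption for the demo, not a standard.

```python
import io
import unittest

def is_strong_password(pw):
    """Constructed demo policy (an assumption, not a standard): at least 12
    characters, containing upper case, lower case and a digit, with no
    leading or trailing whitespace."""
    if len(pw) < 12 or pw != pw.strip():
        return False
    has_upper = any(c.isupper() for c in pw)
    has_lower = any(c.islower() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    return has_upper and has_lower and has_digit

class PasswordPolicyTests(unittest.TestCase):
    """Unit tests: one function, isolated from any UI or database."""

    def test_accepts_compliant_password(self):
        self.assertTrue(is_strong_password("Correct-Horse-7"))

    def test_rejects_each_missing_property(self):
        # Data-driven: one test body, many inputs. subTest makes the report
        # name the exact case that failed instead of stopping at the first.
        cases = {
            "too short": "Ab1",
            "no digit": "CorrectHorseBattery",
            "no upper case": "correct-horse-7x",
            "no lower case": "CORRECT-HORSE-7X",
            "surrounding whitespace": " Correct-Horse-7 ",
        }
        for name, pw in cases.items():
            with self.subTest(case=name):
                self.assertFalse(is_strong_password(pw))

    def test_length_boundary(self):
        # Boundary-value analysis: 12 characters must pass, 11 must fail.
        self.assertTrue(is_strong_password("Abcdefghij12"))
        self.assertFalse(is_strong_password("Abcdefghij1"))

def run_suite():
    """Run the tests programmatically and return the unittest result object
    (testsRun, failures, errors, wasSuccessful()) instead of only printing."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(PasswordPolicyTests)
    runner = unittest.TextTestRunner(stream=io.StringIO(), verbosity=0)
    return runner.run(suite)

if __name__ == "__main__":
    result = run_suite()
    print(f"ran {result.testsRun} tests, success={result.wasSuccessful()}")
```

Because the tests exercise the function directly with fixed inputs they run in milliseconds, which is what makes them suitable to run on every commit; a failing subTest names the specific policy rule that regressed, turning the test into a regression check as well as a specification of the rule.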