Skip to main content

Web Application Security Testing (WAPT) Interview Questions



Let's Contribute All Together For Creating a Questions Dump


  1. What are the vulnerabilities you have to test in the Login form, Payment gateway?
  2. What is clickjacking?
  3. What is the mitigation of clickjacking?
  4. What is CSRF?
  5. How to mitigate CSRF?
  6. Let's take an example, If a developer implements a CSRF token in a cookie, will it mitigate the CSRF issue?
  7. Is it possible to mitigate the CSRF by header? If yes why, if No why?
  8. If the data is in JSON format, how you will check the CSRF issue and what are the ways of exploitation?
  9. Where to implement the CSRF token and why?
  10. If the client doesn't want to change the UI or doesn't want to implement the CSRF tokens, and headers then what mitigation you recommended to the client for CSRF?
  11. What is the problem with the per-request token?
  12. Is login CSRF possible? Explain login CSRF? Have you ever exploited it?
  13. What is the mitigation for login CSRF?
  14. Suppose, in an application csrf token is implemented in each request and every request, except the employee search field, but in the search field, higher privilege user or authenticated/authorized user can view sensitive details of the user. So, is it necessary to implement csrf token in the search field? If yes/No explain?
  15. How to bypass CSRF token mitigation?
  16. What is SSRF?
  17. What is the difference between SSRF and CSRF?
  18. What are the impact of SSRF?
  19. Is it possible to do XSS by SSRF? If yes, how? If not, why?
  20. What is the difference between SSRF and LFI?
  21. Explain how we can perform the SSRF in a cloud environment?
  22. Let's assume that you are trying SSRF and you are not getting any response then what you will do? What's your next step? 
  23. What are the bypasses of SSRF mitigation?
  24. What we can achieve by SSRF exploitation?
  25. Tell me your process of doing WAPT? How do you start?
  26. What is XXE?
  27. What is blind XXE?
  28. What is the mitigation of XXE?
  29. How you would detect the blind XXE?
  30. What you would do if you find the XXE?
  31. Is it possible to perform XXE in upload functionality?
  32. What is SOP?
  33. What are the bypasses of SOP?
  34. Why do we need SOP?
  35. What is CORS?
  36. Why do we need CORS?
  37. What are bypasses of CORS? or How to find misconfigured CORS?
  38. What is the CSP header? and Why do we need it?
  39. What are the misconfiguration of CSP?
  40. How to implement CSP?
  41. Why do we need CSP if this functionality is used by SOAP and CORS?
  42. What is XSS? What are the types of XSS?
  43. How to exploit DOM-based XSS?
  44. What can be done with XSS?
  45. What is the mitigation of XSS?
  46. What do you do if reflected XSS exists other than phishing?
  47. What is the mitigation of XSS?
  48. What is the difference between hashing and encryption?
  49. What is the best way to store passwords in the database? What should we use hashing or encryption? 
  50. What are the HTTP security headers?
  51. What is a secure flag in a cookie? What is its use of it?
  52. What is the use of the HTTPOnly flag?
  53. When we need the path flag in the cookie should not be root (/)?
  54. Why do we need logging and monitoring?
  55. What is important to log?
  56. How to find SQLI? Tell me some test cases?
  57. What are the types of SQLI?
  58. Tell the SQLI steps?
  59. How to exploit blind SQLi?
  60. Difference between Encoding, hashing, encryption, and Obfuscation?
  61. What is the mitigation of SQLI?
  62. Which one is best and why stored procedure and parameterized queries for SQLI? and why?
  63. How does SSL/TLS handshake work?
  64. How to perform DNS data exfiltration?
  65. What is LFI and RFI?
  66. Is it possible that if LFI exists, then RFI also exists?
  67. Mitigation of LFI/RFI?
  68. What is serialization and deserialization?
  69. What is insecure deserialization?
  70. What is OAuth? 
  71. If the Secure flag is set, but the attacker is still able to steal cookies by MITM, Why it's possible.
  72. Explain IDOR? and Mitigation?
  73. Tell types of attack in Session Management?
  74. How to intercept WSDL?
  75. What is JWT? and what is the use of JWT? 
  76. What are the vulnerabilities in JWT? Explain some vulnerabilities?
  77. How to detect JWT vulnerabilities?
  78. How does JWT differ from sessions?
  79. What is the difference between API security testing and web app security testing?
  80. What are the types of authentication?
  81. How to find whether WAF is enabled or not on the server?
  82. What is salting? and Why do we need it? 
  83. Where to use salting?
  84. How does HTTP handle state?
  85. What are the common API security best practices?
  86. What is the difference between REST API and SOAP API?
  87. Application is vulnerable to form submission without any restriction, what are the mitigations you suggest to prevent it?
  88. Tell some business logical vulnerabilities in a web application you have ever encountered?
  89. Does the source code security review is important? If yes/No why?
  90. What you would achieve by open redirection vulnerability?
  91. What are the security test cases you would perform on upload functionality?
  92. Tell one vulnerability by which you would add an extra header in the request?
  93. How to bypass 403?
  94. What are the ways of securely storing the password on the server?
  95. What is race condition vulnerability?
  96. What you would check on user login, password reset and register functionalities?
  97. What is HTTP request smuggling?
  98. Tell, Top 6 unique vulnerabilities found in the application?
  99. How to do RCE by SQL Injection?
  100. The user name and password field are going in the URL what are the risks?
  101. What factors CSRF impact depends on?
  102. If you were to present the vulnerability report to CISO and Developers, what is your approach? Take an example of one vulnerability for an explanation. (Contribution: Anirudha Bramhe)









Labels:

Comments

Post a Comment

Popular posts from this blog

Free Cybersecurity Certifications

Introduction to Cybersecurity Cybersecurity Essentials Networking Essentials Android Bug Bounty Hunting: Hunt Like a Rat Ethical Hacking Essentials (EHE) Digital Forensics Essentials (DFE) Network Defense Essentials (NDE) Introduction to Dark Web, Anonymity, and Cryptocurrency AWS Skill Builder Introduction to Cybersecurity Building a Cybersecurity Toolkit Cyber Aces Free Cyber Security Training Course Introduction to Information Security Penetration Testing - Discovering Vulnerabilities
Post a Comment
Read more

Is your webcam exposed on the internet and everyone enjoying your personal moments? | How to check webcam or security camera is exposed on the internet or not?

Nowadays we start using many technology devices in our homes. Many people are installing CCTV or security cameras in their houses, private rooms, offices, private places, etc for security purposes and monitoring, but many of them don't know how to configure that device securely. So let's talk about CCTV and security cameras only.  What do most CCTV/Security camera users believe? Most users believe that using a strong username and password on a camera administrative page protects them. (Partially true in the case of online cameras) Example: Why it is partially true? It's partially true because you are protecting only the camera administrative page which is also an important part. Still, you are not protecting the protocol used to control streaming media servers (Real-Time Streaming Protocol ( RTSP )). I have seen many online webcams whose administrative page is secured by strong credentials, but they forget to secure the RTSP protocol which gives me access to the streaming
Post a Comment
Read more