Q: What kind of web pentesting tools do you regularly use?
Ethical Interview Questions
85 ethical interview questions shared by candidates
You are testing an e-commerce web application and you notice that you have full control of the URL parameter. Instead of getting the product specifications, you can get access to the admin portal prod_example.com/admin, which is supposed to be accessible only from the local network, by crafting the request as follows: https://example.com/products?url=https://prod_example.com/admin What type of attack is this? What would be your recommendation to the client after you discover this vulnerability?
Explain data protection in transit vs. data protection at rest.
Broadly speaking, DoS and DDoS attacks can be divided into three types. Can you name them?
What is an XSS polyglot? What do we use it for?
What are LFI and RFI and what are the consequences of these attacks?
Where are Windows and Linux hashes stored, and how can you retrieve them?
What is SAML? Can you enumerate some basic attacks against SAML?
When it comes to storing cookies/session tokens, where would you store them: local/session storage or cookies? Which one is the safer option and why?
Which authentication protocols are implemented by default in Windows Active Directory?