A collection of interview questions for network security companies

The following is a collection of interview questions covering various aspects of network security. The more stars a question has, the more likely it is to come up. I hope you all find a satisfactory job.

Note: This set of interview questions has been compiled into a PDF document, but the content is still being updated. No collection can cover every interview question, so the aim is to work outward from individual points to the wider picture and fill in the gaps.


What methods disclose the absolute path of a PHP site?

Single quotation marks that cause a database error
Accessing a wrong parameter or a wrong path
Probe files such as phpinfo
Scanning for test files that developers left undeleted
Google hacking
phpMyAdmin path disclosure: /phpmyadmin/libraries/lect_lang.lib.php
Using vulnerabilities to read configuration files and find paths
Abusing website functions, such as using a local image-reading function to read a non-existent image, or using an upload point to upload a file that cannot be imported normally

What are your commonly used penetration testing tools, and which one do you use most?

Burp, nmap, sqlmap, AWVS, AntSword, Behinder (Ice Scorpion), dirsearch, Yujian (Imperial Sword), etc.

What is blind XSS against an intranet server used for?

Phishing the administrator
Information collection

Spear-phishing attacks and watering hole attacks?

Spear-phishing attack: a Trojan horse program is sent to the target as an email attachment, and the victim is induced to open the attachment, which infects the computer with the Trojan
Watering hole attack: the attacker analyzes the online activity of the target, looks for weaknesses in the websites the target visits frequently, compromises one of those websites, implants a malicious program, and waits for the target to visit

What is a virtual machine escape?

Exploiting vulnerabilities in the virtual machine software, or in software running inside the virtual machine, in order to attack or take control of the operating system of the virtual machine host

Man-in-the-middle attack?

Principle:

Within the same local area network, the attacker intercepts normal network traffic and then tampers with or sniffs the data

Defense:

Statically bind the gateway's MAC and IP address on the host
Bind the host's MAC and IP address on the gateway
Use an ARP firewall

TCP three-way handshake process?

First handshake: when the connection is established, the client sends a SYN packet (syn=j) to the server and enters the SYN_SENT state, waiting for the server to confirm
Second handshake: the server receives the SYN packet and must acknowledge the client's SYN (ack=j+1) while also sending its own SYN packet (syn=k), that is, a SYN+ACK packet; the server then enters the SYN_RECV state
Third handshake: the client receives the SYN+ACK packet from the server and sends an acknowledgment packet ACK (ack=k+1) to the server; once this packet is sent, the client and server enter the ESTABLISHED state and the three-way handshake is complete

Seven-layer model?

Application layer, presentation layer, session layer, transport layer, network layer, data link layer, physical layer

Understanding of cloud security

Cloud security integrates emerging technologies and concepts such as parallel processing, grid computing, and behavior-based judgment of unknown viruses. A large mesh of clients monitors software behavior on the network for anomalies, obtains the latest information on Trojan horses and malicious programs on the Internet, and sends it to the server for automatic analysis and processing. The resulting virus and Trojan horse solutions are then distributed to each client

Do you know about WebSocket?

WebSocket is a protocol for full-duplex communication over a single TCP connection. Its biggest feature is that the server can actively push information to the client, and the client can also actively send information to the server. It is a true two-way dialogue between equals.

What is DDoS? What is a CC attack? What is the difference?

DDoS:

Distributed denial-of-service attack: legitimate-looking service requests are used to occupy too many service resources, so that legitimate users cannot get service responses
Main methods:
SYN Flood
UDP Flood
ICMP Flood
Connection Flood
HTTP Get
UDP DNS Query Flood

CC attack:

Simulates many normal users continuously visiting pages that require heavy data operations, such as forums, which wastes server resources, keeps the CPU at 100% for a long time, and congests the network

The difference between the two:

CC attacks the web page; DDoS attacks the server, which is more difficult to defend against
The threshold for CC is low; DDoS requires a large number of servers
CC lasts for a long time; the impact of DDoS is great

What is a LAND attack?

A local area network denial-of-service (LAND) attack, a type of DDoS attack, sends carefully constructed spoofed data packets whose source address and destination address are the same, paralyzing target devices that lack a corresponding protection mechanism
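
The protection mechanism mentioned above comes down to checking the address fields of each incoming packet. The following detector is an added example, not part of the original post; the sample packets are constructed, and the stricter "land" verdict (TCP SYN with the same port on both sides) is the classic form of the attack rather than something the post spells out:

```python
import socket
import struct

def sample_packet(src, dst, sport, dport, flags=0x02):
    """Constructed IPv4+TCP header bytes, used only as parser input (checksums are 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def classify(packet):
    """Return 'land', 'same-address' or None for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not IPv4, or truncated header
    ihl = (packet[0] & 0x0F) * 4         # IP header length in bytes (options allowed)
    if ihl < 20 or len(packet) < ihl:
        return None
    if packet[12:16] != packet[16:20]:
        return None                      # source and destination differ: normal traffic
    if packet[9] == socket.IPPROTO_TCP and len(packet) >= ihl + 14:
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if sport == dport and packet[ihl + 13] & 0x02:
            return "land"                # SYN addressed to itself on the same port
    return "same-address"                # source equals destination: still worth dropping

# Constructed sample traffic (documentation address ranges).
PACKETS = [
    sample_packet("192.0.2.10", "192.0.2.10", 139, 139),              # LAND pattern
    sample_packet("198.51.100.7", "192.0.2.10", 40000, 80),           # normal SYN
    sample_packet("192.0.2.10", "192.0.2.10", 40000, 80, flags=0x10), # same address, ACK
    b"\x45\x00",                                                      # truncated
]

def flagged(packets):
    """Return (index, verdict) for every packet the detector would drop."""
    result = []
    for i, pkt in enumerate(packets):
        verdict = classify(pkt)
        if verdict:
            result.append((i, verdict))
    return result
```
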

How will you conduct information gathering?

Server information: IP, middleware, operating system
Domain name whois, IP whois, network segment attribution
Subdomain detection
Website directory scanning, interface information scanning
Port scanning
Relevant information from the major search engines

What is a CRLF injection attack?

Injecting "carriage return" and "line feed" characters into the HTTP stream to achieve website tampering, cross-site scripting, hijacking, etc.

How do you prevent XSS, from both the front-end and back-end angles?

Front end:

Filter special characters in user input and escape them to HTML entities
Encode output shown to the user

Back end:

Entity encoding
Function filtering
Limit character length

How to protect the security of a port?

Use WAF, IDS, IPS and other equipment
Prohibit external access to dangerous service ports, or restrict access by IP
Regularly update service versions

Webshell detection ideas?

Static detection: match signature codes, signature values, and dangerous functions
Dynamic detection: WAF, IDS and other devices
Log detection: filter by IP access rules and page access rules
File integrity monitoring
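
Three of the detection ideas above (static, log, and file integrity) can be combined into one triage pass. This is an added example, not part of the original post; the file contents, hash baseline, log format, and the "POST-only page seen from a single IP" log rule are all constructed assumptions, and dynamic detection by WAF/IDS devices is not modelled:

```python
import hashlib
import re

# Constructed sample data: web root contents, a known-good hash baseline,
# and simplified access-log lines.
WEBROOT = {
    "index.php": b"<?php echo 'home'; ?>",
    "uploads/img.php": b"<?php @eval($_POST['x']); ?>",
}
BASELINE = {"index.php": hashlib.sha256(b"<?php echo 'home'; ?>").hexdigest()}
ACCESS_LOG = [
    '10.0.0.5 "GET /index.php" 200',
    '10.0.0.6 "GET /index.php" 200',
    '203.0.113.9 "POST /uploads/img.php" 200',
    '203.0.113.9 "POST /uploads/img.php" 200',
]

# Static detection: a dangerous function called directly on request data.
DANGEROUS = re.compile(
    rb"\b(eval|assert|system|exec|passthru|shell_exec)\s*\([^)]*\$_(GET|POST|REQUEST|COOKIE)",
    re.IGNORECASE)
LOG_LINE = re.compile(r'^(\S+) "(\w+) /(\S+)" \d{3}$')

def static_hits(files):
    return {p for p, body in files.items() if DANGEROUS.search(body)}

def integrity_hits(files, baseline):
    # File integrity monitoring: new files, or files whose hash changed.
    return {p for p, body in files.items()
            if baseline.get(p) != hashlib.sha256(body).hexdigest()}

def log_hits(lines, max_clients=1):
    # Log detection: pages that receive POSTs but are visited by very few IPs.
    clients, posted = {}, set()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, method, path = m.groups()
        clients.setdefault(path, set()).add(ip)
        if method == "POST":
            posted.add(path)
    return {p for p in posted if len(clients[p]) <= max_clients}

def triage(files, baseline, lines):
    """Map each suspicious path to the list of signals that fired for it."""
    signals = {"static": static_hits(files),
               "integrity": integrity_hits(files, baseline),
               "log": log_hits(lines)}
    report = {}
    for name, paths in signals.items():
        for p in paths:
            report.setdefault(p, []).append(name)
    return report
```

A file flagged by several independent signals is a much stronger lead than one flagged by a single pattern match, which on its own produces false positives on legitimate code.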

How do you test for vulnerabilities when you find an IIS website? (depends on the version)

Summary of Web Middleware Vulnerabilities - IIS

Summary of SQL injection issues

Summary of interview questions about SQL injection

What is GPC? How can it be bypassed when it is enabled?

GPC:

The magic_quotes_gpc setting in the php.ini configuration file adds backslashes before single quotes, double quotes, backslashes, and NULL characters passed in through GET, POST, and cookies

Bypass:

The GPC of PHP5 ignores $_SERVER, so injection is possible in the HTTP request headers
Second-order injection
Wide byte injection

What are the commonly used encryption algorithms for the web?

One-way hash encryption: MD5, SHA, MAC
Symmetric encryption: AES, DES
Asymmetric encryption: RSA, RSA2

What else can XSS do besides get cookies?

Get the administrator's IP
XSS worm
Phishing attack
Front-end JS mining
Keylogging
Screen capture

Carrier (or other) network hijacking

Carrier hijacking: advertising
DNS hijacking: tampering with DNS and hijacking the network by various means

What is DNS spoofing?

A deceptive behavior in which an attacker pretends to be a domain name server

Buffer overflow principles and defenses

Principle:

When the amount of data written into a buffer exceeds the buffer's maximum capacity, a buffer overflow occurs, and attackers use the overflowed data to create a remote code execution vulnerability.

Defense:

OS-based defense
Buffer bounds checking
Secure programming


Origin blog.csdn.net/zxcvbnmasdflzl/article/details/130505421