Network security big-company interview questions collection

The following are interview questions covering the various areas of network security. The more stars a question has, the more likely it is to come up. I hope everyone finds a job they are satisfied with.

Note: This set of interview questions has been compiled into a PDF document, but the content is still being updated, because no collection can cover every interview question, and we hope more readers will help fill in the gaps.

Due to space limitations, this is only part of the

1. What are the two ways to prevent SQL injection?

Use parameterized queries (preferred)

Verify untrusted data


2. XSS injection classification?

Reflected XSS Injection

Stored XSS Injection

DOM type XSS injection


3. What is the difference between XSS and CSRF?

XSS takes advantage of the user's trust in the specified website, and CSRF takes advantage of the website's trust in the user's web browser.


4. XXE injection methods?

Basic XXE injection

Blind XXE injection

Error-based XXE injection


5. What are the three parts of XML?

Document Type Definition (DTD)

Extensible Stylesheet Language (XSL)

Extensible Link Language (XLL)


6. How to prevent SSRF?

Because the biggest risk of SSRF is information leakage and probing of intranet information, the following remediation methods apply:

1) Disable unnecessary protocols. Only allow http and https requests. (REST service interfaces)

2) Restrict the request port to the ports commonly used by http, for example 80, 443, 8080, 8090.

3) Filter the returned information. Verifying the remote server's response to the request is the easier way: if the web application expects a certain type of file, verify that the returned content meets that expectation before showing the result to the user.

4) Unified error messages. Prevent users from inferring the port status of the remote server from error messages.

5) For DNS rebinding, consider using a DNS cache or a host whitelist.
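
An added example (not from the original post) that turns the points above into one outbound-URL check: scheme allow-list, port allow-list, optional host whitelist, a single generic error message, and a resolve-once step that rejects any internal address and returns the IP the caller must pin its connection to. The resolver table `FAKE_DNS` and its addresses are constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443, 8080, 8090}
GENERIC_ERROR = "request rejected"   # one message for every failure (point 4)

# Constructed DNS answers for the offline demo; real code uses default_resolver.
FAKE_DNS = {"example.com": {"93.184.216.34"},
            "internal.test": {"10.0.0.5"},
            "rebind.test": {"93.184.216.34", "169.254.169.254"}}


def default_resolver(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def fake_resolver(host):
    try:
        return {str(ipaddress.ip_address(host))}   # IP literal resolves to itself
    except ValueError:
        if host in FAKE_DNS:
            return FAKE_DNS[host]
        raise socket.gaierror(host)


def is_public_ip(text):
    ip = ipaddress.ip_address(text)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_outbound_url(url, resolver=default_resolver, host_allowlist=None):
    """Return (True, pinned_ip) or (False, GENERIC_ERROR). The caller connects to
    pinned_ip (keeping the Host header) so a second lookup cannot be rebound."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:                      # malformed port
        return False, GENERIC_ERROR
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False, GENERIC_ERROR
    if port not in ALLOWED_PORTS:
        return False, GENERIC_ERROR
    if host_allowlist is not None and parts.hostname not in host_allowlist:
        return False, GENERIC_ERROR
    try:
        addrs = resolver(parts.hostname)
    except (socket.gaierror, ValueError):
        return False, GENERIC_ERROR
    if not addrs or not all(is_public_ip(a) for a in addrs):   # any inward answer fails
        return False, GENERIC_ERROR
    return True, sorted(addrs)[0]
```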


7. What determines the confidentiality of the encryption system?

Depends on the secrecy of the key


8. What are the two types of cryptographic algorithms?

Symmetric encryption algorithm

Asymmetric Cryptographic Algorithms


9. What are the two types of symmetric encryption algorithms?

Stream encryption algorithm

Block encryption algorithm


10. What is the encryption process?

Ciphertext = plaintext * (encryption algorithm + key)

11. What can the RSA algorithm do?

Key pair generation: generate public and private keys

Asymmetric encryption: Encrypt with public key and decrypt with private key

Digital signature: the private key encrypts the message digest, and the public key verifies the signature

Note: Encryption and signing use different key pairs


12. What are the working modes of the block encryption algorithm?

Five basic encryption modes (ECB, CBC, CFB, OFB, CTR)

Two authentication encryption modes (CCM, GCM)


13. Which one should be done first in the order of signature and encryption?

sign first then encrypt


14. What is the working mode of the symmetric encryption algorithm currently recommended by the industry?

GCM mode


15. What cryptographic security protocols are there?

TLS, SSH, HTTPS


16. What are the two recommended symmetric encryption algorithms in the industry?

AES, ChaCha


17. What are the two key agreement algorithms?

DH

ECDH


18. What authentication methods are there for interface (API) calls?

APP authentication

IAM authentication

custom authentication


19. What are the two types of APP authentication?

Non-simple authentication: the call request is authenticated through the Key and Secret of the integrated application.

Simple authentication: the call request is authenticated through an AppCode.

APP authentication supports access control to APIs.


20. What are the two types of IAM authentication?

Token authentication: the call request is authenticated with a Token. Token authentication does not require an SDK signature and is the preferred method.

AK/SK authentication: the content of the call request is signed with the AK/SK.

Note that IAM authentication does not support access control to the API.

21. In token authentication, what is the difference between X-Subject-Token and X-Auth-Token?

Call the token interface; after a successful response, the value of the "X-Subject-Token" response header is the Token. When calling the business interface, add the "X-Auth-Token" request header, whose value is the Token previously obtained from "X-Subject-Token".

22. How does AK/SK authentication work?

AK and SK are used together to encrypt and sign the request, which identifies the sender and prevents the request from being modified.

23. How to generate the sender's digital signature?

Message --(hash algorithm)--> Digest --(private key)--> Digital signature

24. How to verify that the message has not been tampered with after receiving the digital signature?

Digital signature --(public key)--> Digest 1
Message --(hash algorithm)--> Digest 2

If Digest 1 equals Digest 2, the message has not been tampered with.
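
The signing and verification flow of questions 23 and 24, as an added example that is not part of the original post. It uses textbook RSA on a SHA-256 digest with a fixed key pair built from two Mersenne primes so that it runs without any library; these keys and the lack of padding are assumptions for illustration only, and a real implementation uses randomly generated primes and a padding scheme such as PSS.

```python
import hashlib

# Toy key pair (illustration only): known Mersenne primes stand in for the
# random primes a real key generator would produce.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                       # public modulus, about 1128 bits, larger than any SHA-256 digest
E = 65537                       # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (modular inverse, Python 3.8+)


def digest(message: bytes) -> int:
    """Sender step 1: Message --(hash algorithm)--> Digest, as an integer below N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender step 2: Digest --(private key)--> Digital signature."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: signature --(public key)--> Digest 1, message --(hash)--> Digest 2,
    and the message is intact only if the two digests match."""
    digest1 = pow(signature, e, n)
    digest2 = digest(message)
    return digest1 == digest2


if __name__ == "__main__":
    msg = b"transfer 100 to alice"          # constructed sample message
    sig = sign(msg)
    print(verify(msg, sig))                             # True
    print(verify(b"transfer 900 to alice", sig))        # False: message was tampered with
    print(verify(msg, sig ^ 1))                         # False: signature was tampered with
```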

25. Why can't digital signatures by themselves solve man-in-the-middle attacks?

Because the private key and public key may be replaced with the attacker's, especially the public key held on the receiver's side.

26. How to solve man-in-the-middle attack?

digital certificate

27. How does the sender generate a digital certificate?

Public key -- (CA's private key) --> digital certificate

28. How does the receiver verify the sender's public key?

Digital certificate -- (CA's public key) --> public key, and then use the public key and digital signature to verify whether the message has been tampered with

29. How can digital certificates be trusted?

If the certificate matches the browser's preset certificate list, it is trusted

30. Methods of querying logs on a Linux system

  • Login log: last
  • Operation (command) log: history
  • Startup information and error logs: /var/log/messages
  • Security log: /var/log/secure
  • Mail log: /var/log/maillog
  • Scheduled task log: /var/log/cron
  • Events such as user login and logout and system startup: /var/log/wtmp

JD.com second-round interview list:

1. How do you usually test (given a target, a domain name, etc.)?
2. How do you test a login box?
3. What do you do in the admin backend?
4. File upload bypass
5. What do you do with a shell?
6. How to collect information with a shell
7. Can nmap scan the intranet directly, or how do you scan the intranet with nmap?
8. How do you feel about the speed of scanning the intranet with CS?
9. How to find the target or gateway once you have a proxy, or the question of crossing network segments
10. Do you know anything about intranet authentication or domain control?
... Vulnerability exploitation chain
15. What kinds of vulnerabilities are encountered more often in projects?
16. Why do unauthorized-access vulnerabilities exist?
17. Logical vulnerabilities can be roughly divided into which categories?
... test points, what types of injection vulnerabilities, attack support methods, and time-delayed injection functions?
... There are several ways to get a shell from the MySQL database
23. How to get a shell through sqlmap
24. Introduction to CSRF
25. What are the SSRF vulnerability test points, in detail?
26. The difference between local file inclusion and remote file inclusion; what can be done with local file inclusion

Questions from less well-known large companies

1. Types of XSS attacks
2. Commonly used XSS statements
3. The difference between XSS and CSRF
4. The Chinese name of CSRF; give an example of CSRF
5. What can XSS be used for
6. Ways to prevent SQL injection and XSS
7. Explain PDO prepared statements (preprocessing)
8. Absolute defense against SQL injection
9. What is vertical overreach (privilege escalation)? What is horizontal overreach?
10. Have you ever reproduced a vulnerability such as a CVE?
11. What tools have you used?
12. Do you know about privilege escalation?
... What is the interception rule?
16. SQL injection bypassing a WAF



Interview questions

Test questions collected through exclusive channels from companies such as JD.com, 360, and Tianrongxin! Getting into a big company is just around the corner!

Origin blog.csdn.net/jazzz98/article/details/131031428