Qxpress India Private Limited Interview Questions and Answers

Updated 5 Feb 2024

Q1. Help me understand If I need to take over a higher-privilege account with an existing lower-privilege account what are the options available?

Ans.

Options to take over a higher-privilege account with an existing lower-privilege account.

  • Use privilege escalation techniques to gain higher privileges

  • Exploit vulnerabilities in the system to gain access to higher-privilege accounts

  • Use social engineering to obtain login credentials for higher-privilege accounts

  • Use brute-force attacks to crack passwords for higher-privilege accounts


Q2. What is Blind XSS? What is the technique to find one?

Ans.

Blind XSS is a type of XSS attack where the attacker does not receive the output of the injected script.

  • Blind XSS is also known as non-persistent XSS.

  • It is difficult to detect as the attacker does not receive any feedback.

  • One technique to find Blind XSS is to use a tool like Burp Suite to inject a payload and monitor the server response.

  • Another technique is to use a third-party service like XSS Hunter to track the payload and receive notifications when it is triggered.

  • Prevent...read more


Q3. What will be the best way to send a CSRF token in client-server communication?

Ans.

The best way to send CSRF token in client-server communication is through HTTP headers.

  • HTTP headers are the most secure way to send CSRF tokens.

  • The token should be sent in the 'X-CSRF-Token' header.

  • The header should be set to 'SameSite=Strict' to prevent cross-site request forgery attacks.

  • The token should be regenerated for each session to prevent replay attacks.


Q4. How many XSS are there? What will be the mitigation?

Ans.

There are numerous types of XSS attacks. Mitigation involves input validation and output encoding.

  • There are three main types of XSS attacks: stored, reflected, and DOM-based.

  • Mitigation involves input validation to ensure that user input is safe and output encoding to prevent malicious code from being executed.

  • Examples of input validation include limiting the length of input and restricting the types of characters that can be used.

  • Examples of output encoding include HTML entit...read more


Q5. What is your favorite vulnerability? Explain that.

Ans.

My favorite vulnerability is SQL injection.

  • SQL injection is a type of attack where an attacker injects malicious SQL code into a database query.

  • It can be used to steal sensitive information, modify or delete data, or even take control of the entire database.

  • Preventing SQL injection involves using parameterized queries, input validation, and proper error handling.

  • Examples of high-profile SQL injection attacks include the 2015 Ashley Madison hack and the 2011 Sony Pictures hack...read more


Q6. What is CRLF? Explain that.

Ans.

CRLF stands for Carriage Return Line Feed. It is a sequence of characters used to represent a line break in text files.

  • CRLF consists of two ASCII control characters: CR (carriage return) and LF (line feed).

  • It is commonly used in HTTP headers to separate lines of text.

  • CRLF can be exploited by attackers to inject malicious code or perform attacks such as HTTP response splitting.

  • To prevent such attacks, input validation and output encoding should be implemented.

  • Examples of CRLF:...read more
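The response-splitting risk in the answer above comes from a CR/LF pair inside a header value terminating the header line early. The following is an added example, not code from the page or its answerers: a small response builder that refuses any header value containing CR, LF or NUL before it is serialized. The `build_redirect` and `is_clean_redirect` helpers are hypothetical names for this illustration.

```python
# Added example (not from the page): reject CR/LF before a value reaches a header.
CR, LF = "\r", "\n"


class HeaderInjectionError(ValueError):
    """Raised when a header value could split the response."""


def safe_header_value(value: str) -> str:
    """Return the value unchanged only if it cannot terminate the header line.

    A CR or LF inside a value would end the current header and let the rest of
    the string be parsed as further headers or as the body (response splitting).
    """
    if any(c in value for c in (CR, LF, "\0")):
        raise HeaderInjectionError("CR/LF/NUL not allowed in header value")
    return value


def build_redirect(location: str) -> bytes:
    """Build a minimal 302 response whose Location derives from user input.

    This is the classic place where unvalidated input lands in a header.
    """
    headers = [
        ("Location", safe_header_value(location)),
        ("Content-Length", "0"),
    ]
    lines = ["HTTP/1.1 302 Found"] + [f"{k}: {v}" for k, v in headers]
    # headers are joined with CRLF and terminated by an empty line
    return (CR + LF).join(lines).encode("latin-1") + b"\r\n\r\n"


def is_clean_redirect(location: str) -> bool:
    """True if the location can be emitted safely, False if it was rejected."""
    try:
        build_redirect(location)
        return True
    except HeaderInjectionError:
        return False
```

Modern HTTP libraries (Python's `http.client` included) already raise on CR/LF in header values, so the check mainly matters in hand-rolled servers, proxies and logging code that writes raw header lines.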


Q7. Explain the process of SQLi. Mitigation?

Ans.

SQLi is a type of injection attack where an attacker injects malicious SQL code into a vulnerable application to gain unauthorized access to sensitive data.

  • SQLi involves exploiting vulnerabilities in web applications that allow user input to be executed as SQL commands.

  • Attackers can use SQLi to bypass authentication, access sensitive data, modify or delete data, and even take control of the entire database.

  • Mitigation techniques include using prepared statements, input validatio...read more
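Q5 and Q7 both describe SQL injection and name prepared statements as the mitigation. The block below is an added example, not code from the page or its answerers: an in-memory SQLite database with a constructed single user, a deliberately vulnerable login check that concatenates input into the query, and the parameterized version beside it. The `make_db`, `login_vulnerable` and `login_parameterized` names are hypothetical, and the stored "hash" is a constructed placeholder rather than a real password hash.

```python
# Added example (not from the page): string-built SQL beside a prepared statement.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with one user; values are not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-pw')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Deliberately vulnerable: user input becomes part of the SQL text.

    A quote inside either argument changes the query's structure, which is
    exactly what the answer above calls bypassing authentication.
    """
    sql = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password_hash = '{password_hash}'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Hardened: placeholders keep the data separate from the SQL structure.

    The driver sends the query and the values independently, so quotes or
    keywords in the input are compared as data, never parsed as SQL.
    """
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()[0] > 0
```

A real login would compare a slow password hash (bcrypt, scrypt, Argon2) rather than a stored string, but the structural point is the same: the parameterized form is immune to the quote-based input that makes the concatenated form return a row for anyone.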


Q8. Explain the process of CSRF

Ans.

CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.

  • The attacker creates a website with a form that submits a request to the target website.

  • The user visits the attacker's website and submits the form, unknowingly performing an action on the target website.

  • The target website cannot distinguish between a legitimate request and the forged request from the attacker's website.

  • Examples include changing a user's password or ...read more
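Q3 proposes sending the CSRF token in a custom header and Q8 explains why the forged request otherwise looks legitimate: the browser attaches the session cookie to the cross-site form post. The block below is an added example, not code from the page or its answerers. It is a framework-free sketch of the server side: a per-session token bound to the session, a `csrf_ok` check that requires the token in the `X-CSRF-Token` header on state-changing methods, and a constant-time comparison. The `Request` dataclass, the `sessions` dict and the `change_password` endpoint are hypothetical stand-ins for whatever web framework is in use.

```python
# Added example (not from the page): session-bound CSRF token checked via a header.
import hmac
import secrets
from dataclasses import dataclass, field

TOKEN_HEADER = "X-CSRF-Token"

# In-memory session store keyed by session id (constructed for the example).
sessions: dict[str, dict] = {}


def new_session() -> str:
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    sessions[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


@dataclass
class Request:
    """Minimal stand-in for a framework request object (hypothetical)."""
    method: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)  # exact-case keys for brevity


def csrf_ok(request: Request) -> bool:
    """Allow a state-changing request only if it carries the session's token.

    A cross-site HTML form cannot add custom headers, and the attacker's page
    cannot read the token out of the victim's session, so a forged request
    arrives with the cookie but without a valid header and is refused here.
    """
    if request.method in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state, so no token needed
    session = sessions.get(request.cookies.get("sid", ""))
    if session is None:
        return False
    presented = request.headers.get(TOKEN_HEADER, "")
    # constant-time comparison so the token cannot be recovered via timing
    return hmac.compare_digest(presented, session["csrf_token"])


def change_password(request: Request) -> tuple[int, str]:
    """A state-changing endpoint guarded by the CSRF check."""
    if not csrf_ok(request):
        return 403, "CSRF token missing or invalid"
    return 200, "password changed"
```

The legitimate front end reads the token from the session (for example from a meta tag or an API response) and copies it into the header on each request; the browser's same-origin rules are what stop the attacker's page from doing the same.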


Q9. Different types of XSS

Ans.

XSS or Cross-Site Scripting is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

  • Reflected XSS: The attacker injects a script that is reflected back to the user through a search query or form input.

  • Stored XSS: The attacker injects a script that is stored on the server and executed whenever the user visits the affected page.

  • DOM-based XSS: The attacker exploits a vulnerability in the client-side script to inj...read more
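Q4 names output encoding as the mitigation and Q9 lists reflected XSS as the case where a search query is echoed back to the user. The block below is an added example, not code from the page or its answerers: a deliberately vulnerable reflected-search renderer beside its hardened form, plus an attribute-context case showing that entity encoding alone does not make an href safe. The function names (`render_search_unsafe`, `render_search_safe`, `render_link_safe`, `contains_script_tag`) are hypothetical.

```python
# Added example (not from the page): output encoding for element and attribute contexts.
import html
import re


def render_search_unsafe(query: str) -> str:
    """Deliberately vulnerable: the query is interpolated raw into the page."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query: str) -> str:
    """Hardened: entity-encode the value for the HTML element-body context."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def render_link_safe(url: str, label: str) -> str:
    """Attribute context: encode both values and additionally allow only http(s) URLs.

    Encoding stops the value from breaking out of the attribute, but a
    javascript: URL is still a valid attribute value, so the scheme must be
    allow-listed separately.
    """
    if not re.fullmatch(r"https?://[^\s\"'<>]+", url):
        url = "#"  # replace anything that is not a plain http(s) URL
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(label)}</a>'


def contains_script_tag(markup: str) -> bool:
    """Crude check used only to show the difference: does a live <script> tag survive?"""
    return re.search(r"<script\b", markup, re.IGNORECASE) is not None
```

Encoding must match the context the value lands in (element body, attribute, URL, JavaScript string); templating engines that auto-escape cover the first two, but URL schemes and script blocks still need their own handling.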

Interview Process at Qxpress India Private Limited

Interview experience: 2.0 (Poor), based on 1 interview.