Cigniti Technologies Interview Questions, Process, and Tips

Q1. What is Blind XSS? What is the technique to find one?
Ans. 
Blind XSS is a type of XSS attack where the attacker does not receive the output of the injected script.
• Blind XSS is also known as non-persistent XSS.

• It is difficult to detect as the attacker does not receive any feedback.

• One technique to find Blind XSS is to use a tool like Burp Suite to inject a payload and monitor the server response.

• Another technique is to use a third-party service like XSS Hunter to track the payl...read more
Answered by AI
Add your answer
Q2. What is your favorite vulnerability? explain that
Ans. 
My favorite vulnerability is SQL injection.
• SQL injection is a type of attack where an attacker injects malicious SQL code into a database query.

• It can be used to steal sensitive information, modify or delete data, or even take control of the entire database.

• Preventing SQL injection involves using parameterized queries, input validation, and proper error handling.

• Examples of high-profile SQL injection attacks include th...read more
Answered by AI
Add your answer
Q3. What is CRLF? explain that
Ans. 
CRLF stands for Carriage Return Line Feed. It is a sequence of characters used to represent a line break in text files.
• CRLF consists of two ASCII control characters: CR (carriage return) and LF (line feed).

• It is commonly used in HTTP headers to separate lines of text.

• CRLF can be exploited by attackers to inject malicious code or perform attacks such as HTTP response splitting.

• To prevent such attacks, input validation a...read more
Answered by AI
Add your answer
Q4. How many XSS are there? what will be the mitigation?
Ans. 
There are numerous types of XSS attacks. Mitigation involves input validation and output encoding.
• There are three main types of XSS attacks: stored, reflected, and DOM-based.

• Mitigation involves input validation to ensure that user input is safe and output encoding to prevent malicious code from being executed.

• Examples of input validation include limiting the length of input and restricting the types of characters that ...read more
Answered by AI
Add your answer
Q5. Explain the process of SQLi. Mitigation?
Ans. 
SQLi is a type of injection attack where an attacker injects malicious SQL code into a vulnerable application to gain unauthorized access to sensitive data.
• SQLi involves exploiting vulnerabilities in web applications that allow user input to be executed as SQL commands

• Attackers can use SQLi to bypass authentication, access sensitive data, modify or delete data, and even take control of the entire database

• Mitigation tec...read more
Answered by AI
Add your answer
Q6. Explain the process of CSRF
Ans. 
CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.
• The attacker creates a website with a form that submits a request to the target website

• The user visits the attacker's website and submits the form, unknowingly performing an action on the target website

• The target website cannot distinguish between a legitimate request and the forged request from the attacke...read more
Answered by AI
Add your answer
Q7. What will be the best way to send CSRF token in the Clint Server communication?
Ans. 
The best way to send CSRF token in client-server communication is through HTTP headers.
• HTTP headers are the most secure way to send CSRF tokens.

• The token should be sent in the 'X-CSRF-Token' header.

• The header should be set to 'SameSite=Strict' to prevent cross-site request forgery attacks.

• The token should be regenerated for each session to prevent replay attacks.
Answered by AI
Add your answer

Q1. Help me understand If I need to take over a higher-privilege account with an existing lower-privilege account what are the options available?
Ans. 
Options to take over a higher-privilege account with an existing lower-privilege account.
• Use privilege escalation techniques to gain higher privileges

• Exploit vulnerabilities in the system to gain access to higher-privilege accounts

• Use social engineering to obtain login credentials for higher-privilege accounts

• Use brute-force attacks to crack passwords for higher-privilege accounts
Answered by AI
Add your answer
Q2. Some scenario-based questions that are going to land take over an account with XSS
Add your answer
Q3. Different types of XSS
Ans. 
XSS or Cross-Site Scripting is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
• Reflected XSS: The attacker injects a script that is reflected back to the user through a search query or form input.

• Stored XSS: The attacker injects a script that is stored on the server and executed whenever the user visits the affected page.

• DOM-based XSS: The attacker...read more
Answered by AI
Add your answer

Q1. Some real time project scenario questions on azure data engineering
Add your answer
Q2. Asked the questions on the architecture level
Add your answer

Q1. Asked the questions on the architecture level
Add your answer

Q1. Salary discussion
Add your answer

Q1. Previous project experience
Add your answer

Q1. What are the T codes you have used in SAP ISU
Ans. 
I have used T codes such as FBL5N, FBL1N, FB50, FB60, FB70 in SAP ISU for various testing purposes.
• FBL5N - Display Customer Line Items

• FBL1N - Display Vendor Line Items

• FB50 - G/L Account Posting

• FB60 - Vendor Invoice Posting

• FB70 - Customer Invoice Posting
Answered by AI
Add your answer

Q1. How do you bill customer in SAP ISU and tell us about different meter reads
Ans. 
Billing customers in SAP ISU involves creating billing documents based on meter reads.
• Billing in SAP ISU involves creating billing documents using transaction code EA16

• Different meter reads include actual reads, estimated reads, and manual reads

• Actual reads are readings taken directly from the meter, estimated reads are calculated based on previous consumption patterns, and manual reads are entered by the user
Answered by AI
Add your answer

Basic java questions

Q1. Simple java string/Array manipulation questions
Add your answer
Q2. Reverse the string
Ans. 
Reverse a given string
• Use a loop to iterate through the characters of the string and build a new string in reverse order

• Alternatively, use built-in functions like reverse() or StringBuilder in some programming languages
Answered by AI
Add your answer

Q1. Related performance testing and engineering they asked question
Add your answer

Q1. Related to perormance testing and engineering questiins they asked
Add your answer

Q1. Related performance Testing and engineering questions they asked
Add your answer