Cigniti Technologies Interview Questions, Process, and Tips

Blind XSS is a type of XSS attack where the attacker does not receive the output of the injected script.

• Blind XSS is also known as non-persistent XSS.

• It is difficult to detect as the attacker does not receive any feedback.

• One technique to find Blind XSS is to use a tool like Burp Suite to inject a payload and monitor the server response.

• Another technique is to use a third-party service like XSS Hunter to track the payl...read more

My favorite vulnerability is SQL injection.

• SQL injection is a type of attack where an attacker injects malicious SQL code into a database query.

• It can be used to steal sensitive information, modify or delete data, or even take control of the entire database.

• Preventing SQL injection involves using parameterized queries, input validation, and proper error handling.

• Examples of high-profile SQL injection attacks include th...read more

CRLF stands for Carriage Return Line Feed. It is a sequence of characters used to represent a line break in text files.

• CRLF consists of two ASCII control characters: CR (carriage return) and LF (line feed).

• It is commonly used in HTTP headers to separate lines of text.

• CRLF can be exploited by attackers to inject malicious code or perform attacks such as HTTP response splitting.

• To prevent such attacks, input validation a...read more

There are numerous types of XSS attacks. Mitigation involves input validation and output encoding.

• There are three main types of XSS attacks: stored, reflected, and DOM-based.

• Mitigation involves input validation to ensure that user input is safe and output encoding to prevent malicious code from being executed.

• Examples of input validation include limiting the length of input and restricting the types of characters that ...read more

SQLi is a type of injection attack where an attacker injects malicious SQL code into a vulnerable application to gain unauthorized access to sensitive data.

• SQLi involves exploiting vulnerabilities in web applications that allow user input to be executed as SQL commands

• Attackers can use SQLi to bypass authentication, access sensitive data, modify or delete data, and even take control of the entire database

• Mitigation tec...read more

CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.

• The attacker creates a website with a form that submits a request to the target website

• The user visits the attacker's website and submits the form, unknowingly performing an action on the target website

• The target website cannot distinguish between a legitimate request and the forged request from the attacke...read more

The best way to send CSRF token in client-server communication is through HTTP headers.

• HTTP headers are the most secure way to send CSRF tokens.

• The token should be sent in the 'X-CSRF-Token' header.

• The header should be set to 'SameSite=Strict' to prevent cross-site request forgery attacks.

• The token should be regenerated for each session to prevent replay attacks.

Options to take over a higher-privilege account with an existing lower-privilege account.

• Use privilege escalation techniques to gain higher privileges

• Exploit vulnerabilities in the system to gain access to higher-privilege accounts

• Use social engineering to obtain login credentials for higher-privilege accounts

• Use brute-force attacks to crack passwords for higher-privilege accounts

XSS or Cross-Site Scripting is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

• Reflected XSS: The attacker injects a script that is reflected back to the user through a search query or form input.

• Stored XSS: The attacker injects a script that is stored on the server and executed whenever the user visits the affected page.

• DOM-based XSS: The attacker...read more

Write programs in Python and Java to demonstrate basic programming skills.

• Write a program in Python to calculate the factorial of a number.

• Write a program in Java to find the sum of all elements in an array.

Challenges in implementing frameworks and how they can be overcome

• Challenges include resistance to change, lack of resources, and difficulty in implementation

• Frameworks provide structure and guidance for addressing challenges

• Examples of frameworks include Agile, Six Sigma, and ITIL

The question is asking about the ability to write complex logical programs.

• Demonstrate understanding of complex logical structures like loops, conditionals, and functions

• Provide examples of solving complex problems using logical programming

• Discuss experience with debugging and optimizing logical programs

Framework explanation and implementations

• A framework is a set of tools, libraries, and best practices used to develop software applications

• Frameworks provide a structure for developers to build upon, reducing the need to reinvent the wheel

• Examples of frameworks include React for front-end web development and Django for back-end web development

Closure is the process of finalizing or resolving something, often involving emotional healing or acceptance.

• Closure is the act of coming to terms with a situation or relationship that has ended.

• It involves accepting the reality of the situation and moving forward.

• Closure can help individuals find peace and emotional healing after a difficult experience.

• Examples of closure include talking things out with a friend after...read more

let, var and const are all used to declare variables in JavaScript, but they have different scopes and mutability.

• let is block-scoped and can be reassigned, var is function-scoped and can be reassigned, const is block-scoped and cannot be reassigned

• Using let:

• let x = 10;

• x = 20; // valid

• Using var:

• var y = 5;

• y = 10; // valid

• Using const:

• const z = 15;

• z = 25; // error, cannot reassign a const variable

Event loop is a mechanism in programming that allows for asynchronous execution of code by continuously checking and processing events.

• Event loop is commonly used in JavaScript to handle asynchronous operations.

• It allows for non-blocking I/O operations by delegating tasks to the operating system.

• Event loop processes events from the event queue and executes associated callback functions.

• Example: setTimeout() function in...read more

Callback hell arises from nested callbacks in asynchronous JavaScript code, leading to unreadable and difficult-to-maintain code.

• Nested callbacks in asynchronous code can lead to deeply nested code structures, making it hard to follow the flow of the program.

• Error handling becomes more complex in callback hell, as errors need to be propagated through multiple levels of callbacks.

• Callback hell can also result in code th...read more

Use two go routines to print numbers 1-100 sequentially

• Create two go routines, one for printing odd numbers and one for printing even numbers

• Use channels to synchronize the two go routines and ensure sequential printing

• Start the odd number go routine first, then start the even number go routine

Generator functions in Go language allow for efficient iteration over a sequence of values.

• Use the 'yield' keyword to return values one at a time from the generator function.

• Generator functions are defined with a 'func' keyword followed by the function name and 'chan' keyword.

• Example: func myGenerator() chan int { }

• Use a 'for' loop to iterate over the values returned by the generator function.

sync.Cond is used for signaling between goroutines and sync.Once is used for running initialization code only once.

• sync.Cond is used for goroutines to wait for or signal each other when a certain condition is met

• sync.Once is used to ensure a function is only executed once, typically used for initialization tasks

• Example: Using sync.Cond to coordinate multiple goroutines accessing a shared resource

• Example: Using sync.Onc...read more