AEL Mining Services Interview Questions and Answers

XSS stands for Cross-Site Scripting. It is a type of security vulnerability that allows attackers to inject malicious scripts into web pages.

• Reflected XSS: The injected script is embedded in the URL and executed when the victim visits the manipulated link.

• Stored XSS: The injected script is permanently stored on the target server and executed whenever the vulnerable page is accessed.

• DOM-based XSS: The vulnerability arises from insecure JavaScript coding that allows the attacke...read more

Network VAPT is conducted by identifying vulnerabilities in the network and testing its security measures.

• The process involves identifying potential vulnerabilities in the network infrastructure

• Penetration testing is conducted to simulate attacks and test the effectiveness of security measures

• Vulnerability assessment is done to identify weaknesses in the network

• The results are analyzed and recommendations are made to improve the network security

• Examples of tools used in netwo...read more

IDOR, DOM XSS, and Nessus are common security vulnerabilities and tools used in penetration testing.

• IDOR stands for Insecure Direct Object Reference, where an attacker can access unauthorized data by manipulating object references.

• DOM XSS (Cross-Site Scripting) is a type of XSS attack that occurs in the Document Object Model.

• Nessus is a popular vulnerability scanner used in penetration testing to identify security vulnerabilities in a network.

Union-based SQL injection is a type of attack that allows an attacker to extract information from a database by using the UNION SQL operator.

• Union-based SQL injection involves injecting a malicious SQL query that uses the UNION operator to combine the results of the original query with the attacker's query.

• The attacker can use the UNION operator to retrieve data from other tables in the database, potentially accessing sensitive information.

• An example of a union-based SQL inje...read more

XSS (Cross-Site Scripting) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

• XSS attacks can be used to steal sensitive information, such as login credentials or personal data.

• Attackers can also use XSS to hijack user sessions, redirect users to malicious websites, or deface web pages.

• There are three types of XSS attacks: stored, reflected, and DOM-based.

• Preventing XSS attacks involves input validation, ...read more