SecurEyes Interview Questions, Process, and Tips

SSRF allows attackers to access internal resources, while CSRF allows attackers to perform actions on behalf of a user.

• SSRF (Server-Side Request Forgery) allows attackers to make requests on behalf of the server, potentially accessing internal resources.

• CSRF (Cross-Site Request Forgery) allows attackers to perform actions on a website on behalf of a user without their consent.

• CSRF attacks can lead to unauthorized actio...read more

XSS stands for Cross-Site Scripting, a type of security vulnerability that allows attackers to inject malicious scripts into web pages.

• XSS allows attackers to execute scripts in the victim's browser, potentially stealing sensitive information or performing actions on behalf of the victim.

• Types of XSS include reflected XSS, stored XSS, and DOM-based XSS.

• Reflected XSS occurs when user input is immediately returned to the...read more

JWT token is a JSON web token used for securely transmitting information between parties.

• JWT token is encoded with a header, payload, and signature.

• It is commonly used for authentication and information exchange in web applications.

• Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

IDOR allows unauthorized access to data, while privilege escalation involves gaining higher levels of access than intended.

• IDOR (Insecure Direct Object Reference) occurs when an attacker can access unauthorized data by manipulating object references in an application.

• Privilege escalation involves gaining higher levels of access than intended, often by exploiting vulnerabilities in the system or application.

• Example of I...read more

OAuth is an authorization protocol that allows third-party applications to obtain limited access to a user's account, while Auth is the process of verifying the identity of a user.

• OAuth is used for authorization, while Auth is used for authentication.

• OAuth allows a user to grant access to their resources without sharing their credentials, while Auth verifies the user's identity using credentials.

• Example: OAuth is commo...read more