Cyber Security Interview Questions
Yes, XSS attacks can be prevented in three ways:
 
(i) Escaping: The process of stripping out unwanted data from the output so that it is rendered safely.
 
(ii) Validating Input: This step ensures that the application interprets only correct data and prevents any malicious data from entering.
 
(iii) Sanitizing: This process cleans or filters the input data and converts unacceptable user input into an acceptable format.
Difference between stored XSS attacks and reflected XSS attacks:

| Stored XSS Attacks | Reflected XSS Attacks |
|---|---|
| Attacks where the injected script is permanently stored on the target server are called stored XSS attacks. | Attacks where the user first has to send a request carrying the script, which then runs in the victim's browser, are called reflected XSS attacks. |
| In stored XSS attacks, the victim retrieves the malicious script from the server when requesting the stored information. | In reflected XSS attacks, the server reflects the injected input back in its response to the user who sent the request. |
A three-way handshake is used in a TCP (Transmission Control Protocol) network to transmit data reliably between the host and the client.
 
It is called a three-way handshake because three segments are exchanged between the server and the client.
 
SYN: The client wants to establish a connection with the server and sends a segment with the SYN (Synchronize Sequence Number) flag set to the server, if the server is up and has open ports.

SYN + ACK: The server responds to the client's request with the SYN and ACK bits set if it has open ports.

ACK: The client acknowledges the server's response and sends an ACK (Acknowledgment) packet back to the server.
CSRF stands for Cross-Site Request Forgery, an attack in which an attacker tricks a victim into performing actions on the attacker's behalf.
 
CSRF attacks can be prevented in the following ways:
 
* Employing the latest antivirus software, which helps in blocking malicious scripts.

* While authenticated to your banking site or performing financial transactions on any other website, do not browse other sites or open any emails, since these can execute malicious scripts while you are authenticated to the financial site.

* Never save your login/password within your browser for financial transactions.

* Disable scripting in your browser.
* SSL (Secure Sockets Layer) is a secure protocol that provides safer conversations between two or more parties across the internet. It works on top of HTTP to provide security.

* HTTPS (Hypertext Transfer Protocol Secure) is a combination of HTTP and SSL to provide a safer browsing experience with encryption.

* In terms of security, SSL is more secure than HTTPS.
Cognitive security is an application of AI technologies used explicitly for identifying threats and protecting physical and digital systems, modelled on human understanding processes.
 
Self-learning security systems use pattern recognition, natural language processing, and data mining to mimic the human brain.
SQL Injection (SQLi) is a type of code injection attack in which an attacker manages to execute malicious SQL statements that control the database server behind a web application. Attackers mostly use it to bypass application security measures and thereby access, modify, and delete data without authorization.
 
The following measures help mitigate or prevent SQL injection attacks:
 
* Include Prepared Statements (with Parameterized Queries)
* Use Stored Procedures
* Validate user input
* Hide data from the error message
* Update your system
* Store database credentials separately and encrypted
* Disable shell access and any other functionality you do not need
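
The first and third measures above, shown side by side as an added example (not code from the original page): a string-built query that an injection string turns into "match every row", the same lookup as a prepared statement with a bound parameter, and an allowlist check on the username. It assumes Python's built-in sqlite3 module and a constructed in-memory users table standing in for the application's database server.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: an in-memory SQLite database with three users.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "user"), ("bob", "user"), ("admin", "admin")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: the user-supplied string is pasted into the SQL text, so
    # quotes and operators inside it are parsed as SQL rather than as data.
    query = f"SELECT name FROM users WHERE name = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # Prepared statement with a parameterized query: the driver passes the
    # value separately from the SQL text, so it can only ever match as a
    # plain string and never changes the structure of the statement.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (username,))
    return [row[0] for row in rows]


# Allowlist for usernames: letters, digits and underscore, 1 to 32 characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def valid_username(username: str) -> bool:
    # Input validation: reject anything outside the expected character set
    # before it reaches the database layer at all.
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # constructed injection string for the demo
    print(lookup_vulnerable(db, payload))  # every user leaks
    print(lookup_safe(db, payload))        # [] : treated as a literal name
    print(valid_username(payload))         # False : rejected up front
```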
A DDoS (distributed denial-of-service) attack is a malicious attempt to disrupt the regular traffic of a network by flooding it with a large number of requests, making the server unavailable to legitimate requests. The requests come from many unauthorized sources, hence the name distributed denial of service.
 
The following methods help stop and prevent DDoS attacks:
 
* Build a denial of service response plan
* Protect your network infrastructure
* Employ basic network security
* Maintain strong network architecture
* Understand the Warning Signs
* Consider DDoS as a service
* The terms red team and blue team come from cyberwarfare. Many organizations split their security team into two groups, a red team and a blue team.
* The red team plays the attacker, who exploits weaknesses in the organization's security.
* The blue team plays the defender, who identifies and patches vulnerabilities before they turn into successful breaches.
There are many ways to reset or remove a BIOS password:
 
* By removing the CMOS battery
* By using software
* By using the MS-DOS command
* By using the motherboard jumper
* By using a backdoor BIOS password