Suppose you find PHP queries overtly in the URL, such as /index.php=?page=userID. What would you then be looking to test?
Submitted by: Muhammad

This is an ideal situation for injection and querying. If we know that the server is using a database such as SQL with a PHP controller, it becomes quite easy. We would be looking to test how the server reacts to multiple different types of requests, and what it throws back, looking for anomalies and errors.
One example could be code injection. If the server is not using authentication and evaluating each user, one could simply try /index.php?arg=1;system('id') and see if the host returns unintended data.
Submitted by: Muhammad
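A defender's view of the probe described in the answer above, as an added example that is not part of the original answer: a small access-log scanner that URL-decodes each query parameter and flags the `;system('id')` style of value, plus any 5xx response it caused. The log lines are constructed samples, and treating `page` and `arg` as numeric-only parameters is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (documentation IP ranges), not taken from the page.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?arg=1;system(\'id\') HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?arg=1%3Bsystem%28%27id%27%29 HTTP/1.1" 500 87',
    '198.51.100.8 - - [01/Jan/2024:10:00:11 +0000] "GET /about.php?lang=en HTTP/1.1" 200 300',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A statement separator followed by something that looks like a function call.
CALL_AFTER_SEPARATOR = re.compile(r";\s*[A-Za-z_]\w*\s*\(")
# Assumption: these parameters are meant to carry numeric IDs only.
NUMERIC_PARAMS = {"page", "arg"}

def query_params(target):
    """Split on '&' only so ';' stays inside the value, then URL-decode."""
    query = target.partition("?")[2]
    for pair in filter(None, query.split("&")):
        name, _, value = pair.partition("=")
        yield unquote_plus(name), unquote_plus(value)

def classify(name, value):
    """Return the reasons a decoded parameter value looks like a probe."""
    reasons = []
    if CALL_AFTER_SEPARATOR.search(value):
        reasons.append("code-injection-probe")
    if name in NUMERIC_PARAMS and not value.isdigit():
        reasons.append("non-numeric-id")
    return reasons

def scan(lines):
    """Return one finding per suspicious parameter, noting 5xx responses."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        for name, value in query_params(target):
            reasons = classify(name, value)
            if reasons:
                findings.append({"ip": ip, "param": name, "value": value,
                                 "reasons": reasons, "server_error": status >= 500})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Decoding before matching is what lets the percent-encoded request on the third sample line produce the same finding as the plain one.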