- What is security testing, and why is it important?
- What are the different types of security testing?
- How is security testing different from functional testing?
- What are the common vulnerabilities found in web applications?
- Explain the CIA triad in security testing.
- What is the OWASP Top 10?
- What is the difference between vulnerability assessment and penetration testing?
- What is SQL injection and how do you test for it?
- What is Cross-Site Scripting (XSS)?
- What is Cross-Site Request Forgery (CSRF)?
- What is session hijacking and how can it be prevented?
- What are secure cookies?
- How do you test for broken authentication?
- What is the difference between authentication and authorization?
- What is input validation, and why is it critical?
- What are HTTP security headers?
- What is data encryption and how do you test for it?
- How do you test password security?
- What is a brute-force attack and how do you test for resistance to it?
- How would you check whether a web application is using HTTPS securely?
- How do you test for insecure direct object references (IDOR)?
- Explain the concept of security misconfiguration.
- What tools do you use for security testing?
- How does a proxy tool like Burp Suite help in security testing?
- What is fuzz testing?
- How do you conduct a risk assessment?
- What is privilege escalation?
- How do you test access controls?
- What is directory traversal and how is it detected?
- What is clickjacking and how is it tested?
- How do you check for insecure deserialization?
- What are common mobile app security testing approaches?
- What is SSL/TLS and how do you test its configuration?
- How do you verify secure data storage in an application?
- What is a man-in-the-middle (MITM) attack?
- What is token-based authentication and how do you test its security?
- How do you handle security testing for APIs?
- What is rate limiting and how do you test it?
- How do you verify that logs do not contain sensitive information?
- How can insecure file upload functionality be tested?
- What are the key components of a security test plan?
- What’s the difference between black-box and white-box security testing?
- What is penetration testing and how do you prepare for it?
- What is threat modeling?
- What is security regression testing?
- How do you validate logout functionality for security?
- How do you test for sensitive data exposed in URLs or browser history?
- What is the role of firewalls in security testing?
- How do you test the security of third-party integrations?
- What is a honeypot and how is it used in security?
- How would you perform a security audit of a web application?
- How do you simulate a phishing attack to test employee awareness?
- What is the difference between static and dynamic security testing?
- How do you test for zero-day vulnerabilities?
- What is a secure SDLC and how is testing integrated into it?
- How do you ensure compliance with standards like ISO 27001, GDPR, or HIPAA?
- How would you test a login page for potential exploits?
- What are the security implications of using third-party libraries?
- How do you test for security in microservices architectures?
- How would you handle a discovered vulnerability in production?
- How do you verify the security of cloud-hosted applications?
- How do you approach penetration testing in DevSecOps?
- How would you test an application that uses biometric authentication?
- What are the risks of storing credentials in source code?
- How do you ensure end-to-end encryption is working?
- Describe a security testing strategy for an e-commerce site.
- What are common IoT device security vulnerabilities?
- How would you report a security issue to a development team?
- How do you test for timing attacks?
- How do you assess whether logging and monitoring are secure?
- What is a race condition vulnerability?
- How do you test for privilege separation between user roles?
- Describe a time when your security test caught a major vulnerability.
- What are some security testing challenges in CI/CD pipelines?
- What is a JWT and how do you test its integrity?
- How would you test the security of a public API?
- How would you validate session expiration behavior?
- How do you test an application’s resistance to social engineering?
- How do you handle findings from a penetration testing report?
- What is supply chain security and how do you test for it?
- What is Burp Suite and how do you use it?
- How do you use OWASP ZAP for scanning?
- What are the advantages of using Kali Linux for security testing?
- How do you use Nikto for vulnerability scanning?
- What is Metasploit and how is it used in security testing?
- How do you integrate security testing into CI/CD using tools like SonarQube?
- What are DAST and SAST tools?
- What is the role of threat intelligence in security testing?
- How do you use Nmap in security testing?
- What is Nessus and what does it do?
- How do you automate security testing for APIs?
- What are common security testing plugins for Jenkins?
- How do you use SSL Labs for TLS testing?
- What is Google dorking in security testing?
- What is Shodan and how is it used?
- How do you perform security testing on a Docker container?
- What is container hardening?
- How do you test for CORS vulnerabilities?
- How do you stay updated on the latest vulnerabilities?
- What certifications are useful for a career in security testing?