English Interview Quick-Memorization Guide (continuously updated)

0x00 Preface

A quick-memorization sheet prepared for interviews at foreign companies. It must be concise, concise, and concise again: each concept should be summarized in one or two sentences wherever possible.

0x01 What is Penetration Testing?

Penetration testing is a type of security testing used to assess the security of an application by simulating an attack on it. It is conducted to find security risks that might be present in the system.

0x02 Penetration Testing Methodologies (seven steps)

The Penetration Testing Execution Standard (PTES) defines seven phases of a penetration test.

  • Pre-engagement Interactions
    This includes gathering the required tools, OS and software needed to start the penetration test. In addition, a set of basic tools is required to complete the test with the expected results.

  • Intelligence Gathering (Information Gathering) (DNS, IP, email, Google hacking, etc.)
    Data is collected to support the assessment actions that follow. The information is gathered through a process that gives access to any information relevant to the target.

    tools:
    1. theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/banners, and employee names from different public sources (search engines, PGP key servers).
       https://github.com/laramies/theHarvester
    2. Social Engineer Toolkit (SET) is an open source Python-based tool aimed at penetration testing around social engineering.

  • Threat Modeling
    Threat modeling strengthens security by tracking the identified vulnerabilities and then defining measures to prevent or reduce the effect of each threat.

  • Vulnerability Analysis (scanning, manual testing)
    Identification: vulnerabilities are discovered.
    Validation: the identified vulnerabilities are confirmed.

    tools:
    1. OpenVAS
    2. Nexpose/Nessus
    3. Netsparker
    4. Acunetix (AWS)

  • Exploitation
    The identified vulnerabilities are exploited to breach the security of the target.

    tools:
    1. BeEF (Browser Exploitation Framework)
    2. Metasploit
    3. sqlmap

  • Post Exploitation
    In this phase, the compromised machine's value is determined by the sensitivity of the data stored on it. Its usefulness for further exploitation of the network is also evaluated.

    tools:
    1. PowerShell Empire
    2. Meterpreter
    3. Netcat

  • Reporting
    The findings are reported in a way that is easy to understand.

0x03 Web Vulnerability

What is a SQL injection attack?

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.

  • In-band SQLi (Classic SQLi): Error-based SQLi and Union-based SQLi.
  • Inferential SQLi (Blind SQLi): Boolean-based (content-based) Blind SQLi and Time-based Blind SQLi.
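The point of the definition above is that the client's input is allowed to change the SQL grammar. The following added example (not from the original guide) contrasts a string-concatenated query with a parameterized one against a constructed in-memory SQLite table; the table, usernames and the test input are all made up for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample table for the demonstration (not from any real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_vulnerable(conn, username):
    # Vulnerable: the input is concatenated into the query text, so the client
    # controls the SQL grammar. This is the "injection" the section describes.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    # Mitigation: a parameterized query. The input is bound as data by the
    # driver and can never alter the structure of the statement.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    conn = make_db()
    benign = "bob"
    # A boolean tautology, the classic in-band test input. It is used here only
    # to show how the two query styles differ on the same input.
    tautology = "' OR '1'='1"
    return {
        "vuln_benign": find_user_vulnerable(conn, benign),
        "vuln_tautology": find_user_vulnerable(conn, tautology),  # every row
        "safe_benign": find_user_safe(conn, benign),
        "safe_tautology": find_user_safe(conn, tautology),        # no row
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```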

What is a Cross-site Scripting (XSS) attack?

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

  • Reflected XSS Attacks
  • Stored XSS Attacks
  • DOM Based XSS
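The reflected case above comes down to a page that writes user input into its output without encoding it. This added example (not part of the original guide) shows a constructed search page rendered with and without HTML output encoding; the page layout, the `q` parameter and the test input are all assumptions made for the demonstration.

```python
import html


def render_search_page_vulnerable(query):
    # Vulnerable: the user-supplied query is reflected into the response
    # unencoded, both inside an attribute value and inside a text node.
    return ('<form><input name="q" value="' + query + '"></form>'
            '<p>Results for ' + query + '</p>')


def render_search_page_safe(query):
    # Mitigation: encode for the HTML context before writing the output.
    # quote=True also encodes " and ' so the value cannot close the attribute.
    q = html.escape(query, quote=True)
    return ('<form><input name="q" value="' + q + '"></form>'
            '<p>Results for ' + q + '</p>')


def reflected_as_markup(page, user_input):
    # Check used by the test: does the input survive verbatim in the output?
    return user_input in page


if __name__ == "__main__":
    # Constructed test input that closes the attribute and opens a script tag.
    sample = '"><script>alert(1)</script>'
    print(render_search_page_vulnerable(sample))
    print(render_search_page_safe(sample))
```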

OWASP Top 10 2017

A1:2017-Injection (SQL, LDAP, XPath or NoSQL queries, OS commands, XML parsers, SMTP headers, expression languages and ORM queries)

A2:2017-Broken Authentication

A3:2017-Sensitive Data Exposure

A4:2017-XML External Entities (XXE): any of the XML processors in the application or SOAP-based web services has document type definitions (DTDs) enabled.

A5:2017-Broken Access Control

A6:2017-Security Misconfiguration

A7:2017-Cross-Site Scripting (XSS)

A8:2017-Insecure Deserialization

A9:2017-Using Components with Known Vulnerabilities

A10:2017-Insufficient Logging & Monitoring

0x04 Checklist & test cases

  • Input validation (SQL injection, XSS, OS command injection, LDAP injection, path manipulation, file upload, header injection, XML injection)
  • Information disclosure (error handling, code comments, platform information disclosure)
  • Authentication (credentials in plain text, captcha is not random, SSO, broken authentication, usernames and passwords can be enumerated)
  • Password management (hard-coded passwords, ...)
  • Session management (timeout, fixation, session not terminated, Secure and HttpOnly cookie flags)
  • Authorization (privilege escalation)
  • Logging/auditing (sensitive data logged)
  • Configuration (network device misconfiguration, firewall misconfiguration)
  • Logic errors (bypassing security controls)
  • Web services (SOAP, RESTful)
  • JSON (JSON hijacking)

0x05 Questions for the interviewer

  1. Could you please describe the daily work for this position?
  2. Could you please describe the team structure?
  3. What pentest tooling is used in the daily work, and does the team purchase licenses for the tools?