Perguntas de entrevista da empresa Mirox Cyber Security

. Core Concepts Q: What is the difference between VA and PT? A: Vulnerability Assessment (VA) is a passive scan to identify security loopholes without exploiting them. Penetration Testing (PT) is an active, authorized attempt to exploit those loopholes to verify their impact. Q: What is the OWASP Top 10? A: It is a standard awareness document representing the most critical security risks to web applications, such as Broken Access Control and Injection. 2. Web Security (The "Must-Knows") Q: Explain SQL Injection (SQLi) and how to prevent it. A: SQLi occurs when an attacker inserts malicious SQL code into input fields to manipulate a database. Prevention is done via Parameterized Queries (Prepared Statements) and input validation. Q: What is the difference between Stored and Reflected XSS? A: Stored XSS permanently saves the malicious script on the server (e.g., in a comment section). Reflected XSS is "reflected" off a web server through a link or search field and isn't stored. Q: What is CSRF and how do you mitigate it? A: Cross-Site Request Forgery tricks a logged-in user into performing unwanted actions. Mitigation involves using unique Anti-CSRF Tokens for every sensitive request. 3. Networking & Tools Q: What are the stages of a Penetration Test? A: 1. Reconnaissance, 2. Scanning/Enumeration, 3. Vulnerability Analysis, 4. Exploitation, 5. Post-Exploitation/Reporting. Q: Name your preferred VAPT tools. A: Burp Suite (Web Proxy), Nmap (Network Discovery), Metasploit (Exploitation), and Nessus (Vulnerability Scanning