Recently I appeared in many interviews for Consultant profile. While preparing for the interviews I observed that there is no online resource available to get the questions asked by interviewers for the profile of Information Security Consultant. I am sharing a list of questions asked to me during interviews. Hope this will help others to prepare for interviews in a better manner. I invite everyone to post questions based on their interview experiences in comments.
LIST OF WINDOWS COMMANDS
In this article I am sharing a list of useful Windows commands. Please comment if you find any command missing from the list:
Protection against session fixation attacks
In this article I will discuss how to prevent session fixation attack.
If you do not have clear understanding of Session Fixation attack then first go through the Wikipedia page on Session Fixation at following link: http://en.wikipedia.org/wiki/Session_fixation
Auditing Single Sign-On
In this article we will identify security risks in Single Sign-On (SSO) at implementation and application levels. Later we will design a threat profile which can be used as a benchmark in security audits.
Organizations usually deploy multiple simplified applications instead of a single complex application. It considerably reduces the complexity of business process and also helps in implementing strong access control. But with increasing number of applications, authentication and user information management has become a nightmare. Hence Single Sign-On (SSO) technology has emerged as a solution to this problem. As the term suggests, there is a single sign-on for all the applications in the organization.
Auditing Payment Gateway
In this article we will discuss the security concerns over payment gateway at different functional levels and how to perform a security audit on payment gateway to identify security risks at application level.
A payment gateway is an online payment solution which empowers merchants to accept payment online including credit card, debit card, direct debit, bank transfer and real-time bank transfers. Payment gateway protects sensitive customer data like credit card number & CVV, netbanking credentials etc. by encrypting the traffic to ensure that the information is passed securely between customer & merchant. Continue reading
Implementing Secure File Upload
This post is about building a set of defensive layer around the process of uploading the file. File upload is a very critical process and often exploited by the hackers. The consequences of a successful file upload exploit could be complete disclosure of the source code of the target application or malware infection of the server.
There are 2 ways to store the uploaded file – in file system or in database. Here I will discuss pros and cons of both the approaches and also demonstrate how to implement secure file upload in PHP.
Bypassing ASP .NET “ValidateRequest” for Stored XSS Attack
This article introduces script injection payloads that bypass ASP .NET ValidateRequest filter and also details the hit and trial procedures to analyze .NET debug errors. The techniques included in this article should be used when ValidateRequest is enabled, which is the default setting of ASP .NET.
About ValidateRequest: The Microsoft .NET framework comes with a request validation feature which is configured by the ValidateRequest setting. This feature consists of a series of filters, designed to prevent script injection attacks such as HTML injection and XSS (Cross Site Scripting). ValidateRequest is present in ASP.NET versions 1, 2 and 3. ASP.NET version 4 does not use the ValidateRequest filter.
The Beginning
Nothing is more dangerous than the combination of ignorance and enthusiasm.
Hello! Welcome to the blog INFOSECAUDITOR, a knowledge sharing platform for information security professionals. I am extremely excited to announce the start the blog and hope it will help us to understand the security in a better manner and also to share the knowledge with each other.
I wish you all a very happy reading!!!!!
infosec auditor 