Top Most Web Security Interview Questions
Q – 1 Explain what the SimpleWebServer object includes.
Ans-
– The SimpleWebServer object encapsulates the steps that must be followed to use it properly. The steps are as follows:
– A variable is initialized to hold the port number on which the web server listens.
– This initialization allows the web server to listen on the defined port number.
– The web server receives the client's communication through that port, via the object.
– A ServerSocket is initialized to establish the connection so that the web server and the client can interact with each other.
– Content is then redirected from one place to another only once the sockets on both sides are open.
Q – 2 Do you know what the function of the Secure Socket Layer is?
Ans-
– Secure Socket Layer (SSL) is the security protocol used on the Internet to provide secure access to websites.
– It provides a way to validate or identify the website by presenting an information file (its certificate), and then makes access possible.
– It creates an encrypted connection over which data is sent from one party to the other using SSL.
– SSL thereby ensures that security is provided both to the transaction and to the data in use.
– The browser's lock icon shows whether the connection is open or closed on the secure SSL or TLS channel.
Q – 3 Tell me what some of the preliminaries of web security are.
Ans-
– Web security rests on some preliminaries that must be followed to provide better security for applications and programs.
– HTTP, the HyperText Transfer Protocol, is the protocol used for communication between the web server and the web client.
– It establishes a connection between the web server and the client computer so that HTML pages can be transmitted and viewed.
– Website addresses begin with an http:// prefix; to make access more secure the address should begin with https://, which provides more security.
– An HTTP request made by the browser to the web server looks like GET / HTTP/1.0.
– The server can function properly and send files only if the index.html is loaded properly and sent back to the user.
Q – 4 Do you know what secure by default means in web security?
Ans-
– Secure by default means the system automatically ships with the security settings, scripts and applications that protect it from intrusion.
– This includes hardening the system so that all unnecessary services are switched off by default.
– Processes then use fewer resources and run in their own shell within their own assigned memory.
– Fewer features are enabled, because the more features are enabled, the greater the chance of being exploited and the less security is provided.
– The system uses the secure-by-default policy to protect programs and applications from unwanted access.
Q – 5 Explain what security features are provided in web security.
Ans-
– Security features are essential, as they provide the overall security of the system by applying the patches and services that keep unwanted access away.
– The security features included are as follows:
– Use of algorithms, in relation to security and the system, to solve the security problem.
– Use of SSL or another encryption method to protect the system from intrusion or any other attack.
– Note that using SSL in the SimpleWebServer does not by itself protect against the DoS attack, nor does it prevent access to /etc/shadow.
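As an added illustration of Q2 and Q5 (this is not code from the page or from the SimpleWebServer it describes), the Java program below builds a TLS listener for a SimpleWebServer-style server: it loads the server's certificate and private key from a keystore, restricts the enabled protocol versions, and answers each client over the encrypted channel. The class name, the keystore path server.p12, the password, the port 8443 and the fixed response body are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

/* Added example: a TLS listener for a SimpleWebServer-style server.
 * Keystore path, password and port are assumed values for this illustration. */
public class TlsListenerExample {

    /* Builds a listening socket whose accepted connections are TLS-protected. */
    public static SSLServerSocket createTlsListener(String keystorePath, char[] password, int port)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream fis = new FileInputStream(keystorePath)) {
            ks.load(fis, password);            // server certificate + private key
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        SSLServerSocket listener = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        // Only current protocol versions are offered; SSL and TLS 1.0/1.1 stay disabled.
        listener.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        return listener;
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocket listener = createTlsListener("server.p12", "changeit".toCharArray(), 8443);
        while (true) {
            try (Socket s = listener.accept()) {   // the TLS handshake runs on the first I/O
                OutputStream out = s.getOutputStream();
                out.write("HTTP/1.0 200 OK\r\n\r\n<html>served over TLS</html>\n"
                        .getBytes(StandardCharsets.US_ASCII));
                out.flush();
            } catch (IOException e) {
                // a failed handshake or a client error must not stop the listener
            }
        }
    }
}
```

A PKCS12 keystore for testing can be produced with keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore server.p12. The point made in Q5 still holds for this listener: TLS protects the bytes on the wire, but the request handling behind it decides whether a DoS or a read of /etc/shadow is possible.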
Q – 6 Tell me what the function of a Socket is.
Ans-
– Sockets are important from a security point of view: a socket is the mechanism that directs data to an application using the TCP/IP protocols.
– It combines an IP address and a port number so that a socket can be created and used.
– Both the web server and the client system have a virtual environment with sockets that allow the two parties to communicate.
– The client communicates with the server through the sockets opened on each system, which act as the wire plugged between the client and the server.
– The run() method of the server uses the Socket to accept the connections coming from the client side.
– ServerSocket also provides accept(), which returns a Socket corresponding to the connection request received.
Q – 7 How do you write a program to fix the error produced by the infinite file?
Ans-
– The infinite-file error arises because data is read continuously from a file that never ends, so the reading has to be bounded.
– The error is solved by using keys that provide only the resources that are required.
– The program is as follows:
FileReader fr = new FileReader(pathname);   // open the requested file
StringBuffer sb = new StringBuffer();        // buffer that collects the file contents
int c = fr.read();                           // first character, -1 at end of file
osw.write("HTTP/1.0 200 OK\n\n");
while (c != -1) {
    sb.append((char) c);                     // keeps reading until the file ends
    c = fr.read();
}
osw.write(sb.toString());                    // send the buffered contents
– This handles the requested file such that, if the file exists, it returns the OK message; otherwise it shows an error.
– Only limited file access should be granted so that the infinite-file error is removed.
Q – 8 Tell me what conditions are kept in mind before defining the file.
Ans-
– The length of the requested file must be checked to see whether it is above or below the predefined limit of available memory.
– The server serves the file under the given conditions, or else shows an error if the file does not exist on disk.
– The file is not stored in memory; it is handled as a stream of bytes with an incremental approach.
– The server services one client at a time; a new request is fulfilled once the previous one is no longer in service.
– A download limit is imposed, and up to that limit the file is not stored in memory: MAX_DOWNLOAD_LIMIT bytes are sent to the client before the process stops.
Q – 9 Do you know what the use of the infinite file is in web security?
Ans-
– An infinite file such as /dev/random consists of random bits that are normally used to generate cryptographic keys.
– It is a source of infinite data that can be used to provide the response.
– The web server receives a request for this file in the format GET //dev/random HTTP/1.0.
– The web server keeps reading data from /dev/random until it runs out of memory.
– The server crashes once it runs out of memory because of the infinite file, which is why this case is essential to web security.
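As an added example that is not the page's own code nor the SimpleWebServer source from the book it paraphrases, the Java program below puts Q1, Q3 and Q6 to Q9 together in one runnable server: a ServerSocket listener with an accept loop that services one client at a time, a parser for a GET /path HTTP/1.0 request line that defaults to index.html, and a serveFile that opens the file before it writes 200 OK and then streams at most MAX_DOWNLOAD_LIMIT bytes without buffering, so a request for //dev/random is cut off instead of exhausting memory. The class name, the port 8080, the 1 MiB limit, the read timeout and the 501 response for non-GET requests are assumptions for this example. The pathname problem discussed in Q13 is not addressed here.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.StringTokenizer;

/* Added example server; class, port, limit and timeout are assumed values. */
public class SimpleWebServerExample {
    private static final int PORT = 8080;
    /* Cap on bytes sent per request: a file that never ends (e.g. //dev/random)
     * is cut off here instead of being read until memory runs out. */
    private static final int MAX_DOWNLOAD_LIMIT = 1 << 20;  // 1 MiB, assumed
    private static final int READ_TIMEOUT_MS = 5000;        // assumed

    private final ServerSocket serverSocket;

    public SimpleWebServerExample() throws IOException {
        serverSocket = new ServerSocket(PORT);   // listen on the configured port
    }

    /* Accept loop: one client at a time; each connection is handled, then closed. */
    public void run() {
        while (true) {
            try (Socket s = serverSocket.accept()) {
                s.setSoTimeout(READ_TIMEOUT_MS);  // a silent client cannot hold the server forever
                processRequest(s);
            } catch (IOException e) {
                // one failed connection is not fatal; keep serving the others
            }
        }
    }

    /* Reads the request line and dispatches only well-formed GET requests. */
    void processRequest(Socket s) throws IOException {
        BufferedReader br = new BufferedReader(
                new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
        OutputStream out = s.getOutputStream();
        String request = br.readLine();
        if (request == null) return;
        StringTokenizer st = new StringTokenizer(request, " ");
        String command = st.hasMoreTokens() ? st.nextToken() : "";
        String pathname = st.hasMoreTokens() ? st.nextToken() : "";
        if (command.equals("GET") && !pathname.isEmpty()) {
            serveFile(out, pathname);
        } else {
            out.write("HTTP/1.0 501 Not Implemented\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
        }
        out.flush();
    }

    /* Fail-safe ordering: the file is opened first; only once that succeeds is
     * 200 OK written, so a failure is never announced as success. */
    void serveFile(OutputStream out, String pathname) throws IOException {
        if (pathname.startsWith("/")) pathname = pathname.substring(1);
        if (pathname.isEmpty()) pathname = "index.html";
        InputStream opened;
        try {
            opened = new FileInputStream(pathname);
        } catch (IOException e) {
            out.write("HTTP/1.0 404 Not Found\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
            return;
        }
        try (InputStream file = opened) {
            out.write("HTTP/1.0 200 OK\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
            int sentBytes = 0;
            int c = file.read();
            // Stream byte by byte: nothing is buffered, and the limit bounds the work per request.
            while (c != -1 && sentBytes < MAX_DOWNLOAD_LIMIT) {
                out.write(c);
                sentBytes++;
                c = file.read();
            }
        }
    }

    public static void main(String[] args) throws IOException {
        new SimpleWebServerExample().run();
    }
}
```

Run it from a directory containing an index.html and request http://localhost:8080/ with a browser; the two conditions in the while loop are the whole difference between this version and the buffering loop shown in Q7, which appends every byte to a StringBuffer before sending anything.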
Q – 10 Do you know what the fail-safe approach is?
Ans-
– The fail-safe approach defines the security level such that the system remains safe even when it fails.
– It does not allow an attacker to take advantage by breaking into the system and crashing it.
– This approach lets the web server carry out its routines even if the system runs out of memory during an attack.
– Under attack, the system must not skip its access-control checks, nor serve any requested document that those checks would have denied.
– Without a fail-safe approach, an attacker can force the web server to run out of memory, resulting in a DoS attack.
Q – 11 Can you explain what needs to be done to have a fail-safe stance?
Ans-
– A fail-safe stance provides security in case any failure occurs in the system.
– It works on the same principle as elevators: there is always a backup planned in case of system failure.
– If the system's firewall fails, it should not allow any traffic through; otherwise security can be breached.
– The same applies to a user who is meant to access the system's resources: by default, access is denied.
– A level of security remains in place even if the system, or one or more of its components, fails.
Q – 12 How do you write a program that shows the use of the fail-safe approach?
Ans-
– The fail-safe approach is designed to keep the system secure against any failure, whatever its cause.
– For example, a client system sends the password to an authentication server; if that server is down, access is denied to all users by default.
– The program used in case of failure is as follows:
FileReader fr = new FileReader(pathname);   // opening fails here if the file is missing
StringBuffer sb = new StringBuffer();
int c = fr.read();                           // first character, -1 at end of file
osw.write("HTTP/1.0 200 OK\n\n");          // the OK response is written only after the open succeeded
while (c != -1) {
    sb.append((char) c);
    c = fr.read();
}
osw.write(sb.toString());                    // send the file contents
– This program decides the outcome for the requested file: only if the file is opened and read successfully does it return the OK response and send the file's contents.
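The authentication case described in Q12, as an added Java example that is not code from the page: the check treats any failure to obtain a definite "yes" from the authentication server as "no". The interface name AuthenticationServer, the in-memory user table and the "connection refused" failure are all constructed for this illustration; a real server would never hold plaintext passwords.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/* Added example of a fail-safe authentication check (names and data assumed). */
public class FailSafeAuthExample {

    /* Contract of the remote authentication server; it may be unreachable. */
    public interface AuthenticationServer {
        boolean verify(String username, String password) throws IOException;
    }

    /* Fail-safe: the only way to be granted access is an explicit true from
     * the server. An exception (server down, network failure) is denied. */
    public static boolean isAuthenticated(AuthenticationServer server, String username, String password) {
        try {
            return server.verify(username, password);
        } catch (IOException e) {
            return false;   // deny by default; never grant because the check could not run
        }
    }

    /* A working server backed by a constructed in-memory table. */
    public static class InMemoryAuthServer implements AuthenticationServer {
        private final Map<String, String> users = new HashMap<>();

        public InMemoryAuthServer() {
            users.put("alice", "correct horse battery");   // constructed sample account
        }

        public boolean verify(String username, String password) {
            return password != null && password.equals(users.get(username));
        }
    }

    /* Simulates the authentication server being down. */
    public static class UnreachableAuthServer implements AuthenticationServer {
        public boolean verify(String username, String password) throws IOException {
            throw new IOException("connection refused");
        }
    }

    public static void main(String[] args) {
        AuthenticationServer up = new InMemoryAuthServer();
        AuthenticationServer down = new UnreachableAuthServer();
        // Reachable server: the answer depends on the credentials.
        System.out.println("alice/right, server up:   " + isAuthenticated(up, "alice", "correct horse battery"));
        System.out.println("alice/wrong, server up:   " + isAuthenticated(up, "alice", "wrong"));
        // Unreachable server: denied regardless of the credentials supplied.
        System.out.println("alice/right, server down: " + isAuthenticated(down, "alice", "correct horse battery"));
    }
}
```

The design choice is in the catch block: returning true there, or logging and falling through to a default of true, would turn an outage of the authentication server into an open door, which is the opposite of the fail-safe stance described in Q11.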
Q – 13 Explain what the following line shows.
Ans- GET ../../../../etc/shadow HTTP/1.0
– GET is the method used to retrieve files from the server; it works in the same way as PUT.
– The GET method takes information from the web server and sends it to the user's browser.
– The /etc directory contains the shadow file, which has special privileges and is accessible only to those with the right permissions.
– /etc/shadow holds the usernames and password hashes of the system's accounts, which could be read and changed.
– The pathname from the HTTP/1.0 request is passed to the FileReader constructor, which attempts to open that file.
Q – 14 Do you know what would have happened if the least-privilege principle had been followed?
Ans-
– Following the least-privilege principle would have run commands with tighter security and denied processes the resources they did not need.
– The commands involved were installed set-uid to root, which gave them access to the entire system.
– Those commands were not used in the intended, helpful way; they were misused to create directories and run processes on their own.
– The root account would have been made less accessible to ordinary users, with no authorization to run the file or process again until required.
– Many sub-processes handle the commands so that they cannot interfere with other processes.
– This principle would have minimized the damage from viruses attacking the system and stealing information.
Q – 15 Can you explain the function of the SimpleWebServer and "elevated privileges"?
Ans-
– SimpleWebServer provides the storage space for files, which are stored with their own permissions.
– Only a system administrator with elevated privileges can run the SimpleWebServer.
– Those elevated privileges should not extend to web users, who should access only the parts of the system and the processes they have permission for.
– Even with the server's special privileges, users must not be able to access any files on the system they are not allowed to access.
– Sensitive documents can be controlled using the system's directory tree structure.
Q – 16 Explain the principle of least privilege.
Ans-
– The least-privilege principle ensures that a process receives only limited resources from the start.
– The process gets only as many resources as it needs to finish its task or job in the given time.
– The principle is illustrated by valet keys: security is ensured by locking processes down to a limited number of resources.
– The web server should be given access only to HTML files, so that it remains secure on the Internet.
– Users should be given permission only to do their own job, and only that many resources.
Q – 17 Tell me the ways in which attackers can infiltrate the system.
Ans-
– An attacker who obtains a command shell on the web server can read the HTML files being transferred.
– If set-uid scripts are badly written, an attacker can use them to infiltrate the system.
– If processes are not given properly restricted permissions, the passwd command can be used to change the system's passwords.
– This also authenticates the user to access the system and the files containing its data.
– Programs in the operating system that do not follow the principle of least privilege lead to security issues.
Q – 18 Do you know why valet keys are used in the least-privilege design?
Ans-
– Valet keys provide more security by not letting processes use more resources than allowed.
– They allow the use of only the resources necessary for the process to finish its job.
– Valet keys also limit the accesses that a process makes on the system.
– Valet keys keep resources locked until a process actually demands them.
– The valet-key system itself cannot be accessed, since it also remains locked by the system; permission is given only to its owners.
Q – 19 Can you explain the principles of providing security for computer programs?
Ans-
– The principle of least privilege provides more security to computer programs.
– It allows the program to be designed so that no unauthorized access is possible; only the person who owns the program can access it.
– Services should be able to access only those products that need them.
– Web servers that respond to web users' queries should provide access only to the HTML files that serve the programs' purpose.
– Computer programs should be built so that logging in requires proper authentication.
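One check that answers both the request in Q13 (GET ../../../../etc/shadow HTTP/1.0) and the least-privilege rule in Q16 and Q19 that the web server should serve only HTML files, written as an added Java example rather than code from the page: the request path is mapped onto a fixed document root, "." and ".." segments are folded away before the containment test, and anything outside the root or not ending in .html is refused before any file is opened. The document root /var/www/html and the sample request strings are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

/* Added example: confine file serving to HTML files under one document root.
 * The root and the request strings in main are assumed sample values. */
public class SafePathExample {

    /** Returns the file to serve, or empty if the request must be refused. */
    public static Optional<Path> resolveRequest(Path documentRoot, String requestPath) {
        Path root = documentRoot.toAbsolutePath().normalize();
        String relative = requestPath;
        // Strip leading slashes: resolve() would otherwise treat the request as an absolute path
        while (relative.startsWith("/")) relative = relative.substring(1);
        if (relative.isEmpty()) relative = "index.html";
        // normalize() folds away "." and ".." segments before the containment check
        Path target = root.resolve(relative).normalize();
        if (!target.startsWith(root)) {
            return Optional.empty();      // escaped the document root, e.g. ../../../../etc/shadow
        }
        Path name = target.getFileName();
        if (name == null || !name.toString().endsWith(".html")) {
            return Optional.empty();      // least privilege: the web server hands out HTML only
        }
        return Optional.of(target);
    }

    public static void main(String[] args) {
        Path root = Paths.get("/var/www/html");   // assumed document root
        String[] requests = {
            "/", "/index.html", "/docs/page.html",
            "../../../../etc/shadow", "//dev/random", "/notes.txt", "/docs/../index.html"
        };
        for (String r : requests) {
            String outcome = resolveRequest(root, r).map(Path::toString).orElse("refused");
            System.out.println(r + " -> " + outcome);
        }
    }
}
```

Two caveats for production use: normalize() is a purely textual operation, so a symbolic link inside the root that points outside it is not caught here (resolving with toRealPath() after the existence check closes that gap), and on Windows the backslash would also need to be rejected as a separator. The check belongs in front of the FileReader constructor mentioned in Q13, so that the file is never opened at all when the request is refused.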