Information Security Officer Question:

Suppose you find PHP queries overtly in the URL, such as /index.php?page=userID. What would you then be looking to test?

Answer:

This is an ideal situation for injection and querying. If we know that the server is using an SQL database with a PHP controller, it becomes quite easy. We would be looking to test how the server reacts to multiple different types of requests and what it throws back, looking for anomalies and errors.

One example could be code injection. If the server is not using authentication and evaluating each user, one could simply try /index.php?arg=1;system('id') and see if the host returns unintended data.
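
As an added example (not part of the original answer), the PHP sketch below shows what those tests distinguish: a handler that concatenates the parameter into SQL, beside one that validates and binds it, plus allow-list page routing so the value never reaches eval() or a shell. The table, column, page and function names and the inputs are constructed for illustration, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example; all names below are assumptions, not from the original page.

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Weak: the parameter is concatenated into the SQL text, so its content
// becomes part of the query instead of staying data.
function findUserWeak(PDO $db, string $id): array
{
    return $db->query("SELECT name FROM users WHERE id = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: strict type check first, then a bound parameter.
function findUserSafe(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];                        // reject anything but digits
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened routing: the value only selects from a fixed map and is never
// passed to include(), eval() or a shell.
function resolvePage(string $page): string
{
    $allowed = ['home' => 'home.php', 'profile' => 'profile.php'];
    return $allowed[$page] ?? 'notfound.php';
}

// Constructed inputs: a normal id, a stray quote, and the string from the answer.
foreach (['1', "1'", "1;system('id')"] as $input) {
    try {
        $weak = implode(',', findUserWeak($db, $input));
    } catch (PDOException $e) {
        $weak = 'SQL error';              // the kind of anomaly a tester looks for
    }
    printf("%-16s weak=[%s] safe=[%s] page=%s\n", $input, $weak,
        implode(',', findUserSafe($db, $input)), resolvePage($input));
}
```

In the hardened handler every input other than a plain integer yields an empty result and the fallback page, so the server gives back nothing that varies with the injected text.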
