10 Most Common Web Security Vulnerabilities

OWASP or Open Web Security Project is a non-profit charitable organization focused on improving the security of software and web
applications.
The organization publishes a list of top web security vulnerabilities based on the data from various security organizations.
The web security vulnerabilities are prioritized depending on exploitability, detectability and impact on software.
 Exploitability –
What is needed to exploit the security vulnerability? Highest exploitability when the attack needs only web browser and lowest being
advanced programming and tools.
 Detectability –
How easy is it to detect the threat? Highest being the information displayed on URL, Form or Error message and lowest being source
code.
 Impact or Damage –
How much damage will be done if the security vulnerability is exposed or attacked? Highest being complete system crash and lowest
being nothing at all.
The main aim of OWASP Top 10 is to educate the developers, designers, managers, architects and organizations about the most
important security vulnerabilities.

The Top 10 security vulnerabilities as per OWASP Top 10 are:

 SQL Injection
 Cross Site Scripting
 Broken Authentication and Session Management
 Insecure Direct Object References
 Cross Site Request Forgery
 Security Misconfiguration
 Insecure Cryptographic Storage
 Failure to restrict URL Access
 Insufficient Transport Layer Protection
 Unvalidated Redirects and Forwards
SQL Injection
Description
Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the user supplied data.
Injection occurs when the user input is sent to an interpreter as part of command or query and trick the interpreter into executing
unintended commands and gives access to unauthorized data.
The SQL command which when executed by web application can also expose the back-end database.
Implication
 An attacker can inject malicious content into the vulnerable fields.
 Sensitive data like User Names, Passwords, etc. can be read from the database.
 Database data can be modified (Insert/Update/ Delete).
 Administration Operations can be executed on the database
Vulnerable Objects
 Input Fields
 URLs interacting with the database.
Examples:
 SQL injection on the Login Page
Logging into an application without having valid credentials.
Valid userName is available, and password is not available.
Test URL: http://demo.testfire.net/default.aspx
User Name: sjones
Password: 1=1' or pass123
SQL query created and sent to Interpreter as below
SELECT * FROM Users WHERE User_Name = sjones AND Password = 1=1' or pass123;
Recommendations
1. White listing the input fields
2. Avoid displaying detailed error messages that are useful to an attacker.
Cross Site Scripting
Description
Cross Site Scripting is also shortly known as XSS.
XSS vulnerabilities target scripts embedded in a page that are executed on the client side i.e. user browser rather then at the server
side. These flaws can occur when the application takes untrusted data and send it to the web browser without proper validation.
Attackers can use XSS to execute malicious scripts on the users in this case victim browsers. Since the browser cannot know if the
script is trusty or not, the script will be executed, and the attacker can hijack session cookies, deface websites, or redirect the user to an
unwanted and malicious websites.
XSS is an attack which allows the attacker to execute the scripts on the victim's browser.
Implication:
 Making the use of this security vulnerability, an attacker can inject scripts into the application, can steal session cookies,
deface websites, and can run malware on the victim's machines.
Vulnerable Objects
 Input Fields
 URLs
Examples
1. http://www.vulnerablesite.com/home?"<script>alert("xss")</script>
The above script when run on a browser, a message box will be displayed if the site is vulnerable to XSS.
The more serious attack can be done if the attacker wants to display or store session cookie.
2. http://demo.testfire.net/search.aspx?txtSearch <iframe> <src = http://google.com width = 500 height 500></iframe>
The above script when run, the browser will load an invisible frame pointing to http://google.com.
The attack can be made serious by running a malicious script on the browser.
Recommendations
1. White Listing input fields
2. Input Output encoding
Broken Authentication and Session Management
Description
The websites usually create a session cookie and session ID for each valid session, and these cookies contain sensitive data like
username, password, etc. When the session is ended either by logout or browser closed abruptly, these cookies should be invalidated
i.e. for each session there should be a new cookie.
If the cookies are not invalidated, the sensitive data will exist in the system. For example, a user using a public computer (Cyber
Cafe), the cookies of the vulnerable site sits on the system and exposed to an attacker. An attacker uses the same public computer after
some time, the sensitive data is compromised.
In the same manner, a user using a public computer, instead of logging off, he closes the browser abruptly. An attacker uses the same
system, when browses the same vulnerable site, the previous session of the victim will be opened. The attacker can do whatever he
wants to do from stealing profile information, credit card information, etc.
A check should be done to find the strength of the authentication and session management. Keys, session tokens, cookies should be
implemented properly without compromising passwords.
Vulnerable Objects
 Session IDs exposed on URL can lead to session fixation attack.
 Session IDs same before and after logout and login.
 Session Timeouts are not implemented correctly.
 Application is assigning same session ID for each new session.
 Authenticated parts of the application are protected using SSL and passwords are stored in hashed or encrypted format.
 The session can be reused by a low privileged user.
Implication
 Making use of this vulnerability, an attacker can hijack a session, gain unauthorized access to the system which allows
disclosure and modification of unauthorized information.
 The sessions can be high jacked using stolen cookies or sessions using XSS.
Examples
1. Airline reservation application supports URL rewriting, putting session IDs in the URL:
http://Examples.com/sale/saleitems;jsessionid=2P0OC2oJM0DPXSNQPLME34SERTBG/dest=Maldives (Sale of tickets to
Maldives)
An authenticated user of the site wants to let his friends know about the sale and sends an email across. The friends receive the session
ID and can be used to do unauthorized modifications or misuse the saved credit card details.
2. An application is vulnerable to XSS, by which an attacker can access the session ID and can be used to hijack the session.
3. Applications timeouts are not set properly. The user uses a public computer and closes the browser instead of logging off and
walks away. The attacker uses the same browser some time later, and the session is authenticated.
Recommendations
1. All the authentication and session management requirements should be defined as per OWASP Application Security
Verification Standard.
2. Never expose any credentials in URLs or Logs.
3. Strong efforts should be also made to avoid XSS flaws which can be used to steal session IDs.
Insecure Direct Object References
Description
It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key as in
URL or as a FORM parameter. The attacker can use this information to access other objects and can create a future attack to access
the unauthorized data.
Implication
 Using this vulnerability, an attacker can gain access to unauthorized internal objects, can modify data or compromise the
application.
Vulnerable Objects
 In the URL.
Examples:
Changing "userid" in the following URL can make an attacker to view other user's information.
http://www.vulnerablesite.com/userid=123 Modified to http://www.vulnerablesite.com/userid=124
An attacker can view others information by changing user id value.
Recommendations:
1. Implement access control checks.
2. Avoid exposing object references in URLs.
3. Verify authorization to all reference objects.
Cross Site Request Forgery
Description
Cross Site Request Forgery is a forged request came from the cross site.
CSRF attack is an attack that occurs when a malicious website, email, or program causes a user's browser to perform an unwanted
action on a trusted site for which the user is currently authenticated.
A CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any
other automatically included authentication information, to a vulnerable web application.
A link will be sent by the attacker to the victim when the user clicks on the URL when logged into the original website, the data will
be stolen from the website.
Implication
 Using this vulnerability as an attacker can change user profile information, change status, create a new user on admin behalf,
etc.
Vulnerable Objects
 User Profile page
 User account forms
 Business transaction page
Examples
The victim is logged into a bank website using valid credentials. He receives mail from an attacker saying "Please click here to donate
$1 to cause."
When the victim clicks on it, a valid request will be created to donate $1 to a particular account.
http://www.vulnerablebank.com/transfer.do?account=cause&amount=1
The attacker captures this request and creates below request and embeds in a button saying "I Support Cause."
http://www.vulnerablebank.com/transfer.do?account=Attacker&amount=1000
Since the session is authenticated and the request is coming through the bank website, the server would transfer $1000 dollars to the
attacker.
Recommendation
1. Mandate user's presence while performing sensitive actions.
2. Implement mechanisms like CAPTCHA, Re-Authentication, and Unique Request Tokens.
Security Misconfiguration
Description
Security Configuration must be defined and deployed for the application, frameworks, application server, web server, database server,
and platform. If these are properly configured, an attacker can have unauthorized access to sensitive data or functionality.
Sometimes such flaws result in complete system compromise. Keeping the software up to date is also good security.
Implication
 Making use of this vulnerability, the attacker can enumerate the underlying technology and application server version
information, database information and gain information about the application to mount few more attacks.
Vulnerable objects
 URL
 Form Fields
 Input fields
Examples
1. The application server admin console is automatically installed and not removed. Default accounts are not changed. The
attacker can log in with default passwords and can gain unauthorized access.
2. Directory Listing is not disabled on your server. Attacker discovers and can simply list directories to find any file.
Recommendations
1. A strong application architecture that provides good separation and security between the components.
2. Change default usernames and passwords.
 3. Disable directory listings and implement access control checks.
Insecure Cryptographic Storage
Description
Insecure Cryptographic storage is a common vulnerability which exists when the sensitive data is not stored securely.
The user credentials, profile information, health details, credit card information, etc. come under sensitive data information on a
website.
This data will be stored on the application database. When this data are stored improperly by not using encryption or hashing*, it will
be vulnerable to the attackers.
(*Hashing is transformation of the string characters into shorter strings of fixed length or a key. To decrypt the string, the algorithm
used to form the key should be available)
Implication
 By using this vulnerability, an attacker can steal, modify such weakly protected data to conduct identity theft, credit card
fraud or other crimes.
Vulnerable objects
 Application database.
Examples
In one of the banking application, password database uses unsalted hashes * to store everyone's passwords. An SQL injection flaw
allows the attacker to retrieve the password file. All the unsalted hashes can be brute forced in no time whereas, the salted passwords
would take thousands of years.
(*Unsalted Hashes – Salt is a random data appended to the original data. Salt is appended to the password before hashing)
Recommendations
1. Ensure appropriate strong standard algorithms. Do not create own cryptographic algorithms. Use only approved public
algorithms such as AES, RSA public key cryptography, and SHA-256, etc.
2. Ensure offsite backups are encrypted, but the keys are managed and backed up separately.
Failure to restrict URL Access
Description
Web applications check URL access rights before rendering protected links and buttons. Applications need to perform similar access
control checks each time these pages are accessed.
In most of the applications, the privileged pages, locations and resources are not presented to the privileged users.
By an intelligent guess, an attacker can access privilege pages. An attacker can access sensitive pages, invoke functions and view
confidential information.
Implication
 Making use of this vulnerability attacker can gain access to the unauthorized URLs, without logging into the application and
exploit the vulnerability. An attacker can access sensitive pages, invoke functions and view confidential information.
Vulnerable objects:
 URLs
Examples
1. Attacker notices the URL indicates the role as "/user/getaccounts." He modifies as "/admin/getaccounts".
2. An attacker can append role to the URL.
http://www.vulnerablsite.com can be modified as http://www.vulnerablesite.com/admin
Recommendations
1. Implement strong access control checks.
2. Authentication and authorization policies should be role-based.
3. Restrict access to unwanted URLs.
Insufficient Transport Layer Protection
Description
Deals with information exchange between the user (client) and the server (application). Applications frequently transmit sensitive
information like authentication details, credit card information, and session tokens over a network.
By using weak algorithms or using expired or invalid certificates or not using SSL can allow the communication to be exposed to
untrusted users, which may compromise a web application and or steal sensitive information.
Implication
  Making use of this web security vulnerability, an attacker can sniff legitimate user's credentials and gaining access to the
application.
 Can steal credit card information.
Vulnerable objects
 Data sent over the network.
Recommendations
1. Enable secure HTTP and enforce credential transfer over HTTPS only.
2. Ensure your certificate is valid and not expired.
Examples:
1. An application not using SSL, an attacker will simply monitor network traffic and observes an authenticated victim session cookie.
An attacker can steal that cookie and perform Man-in-the-Middle attack.
Unvalidated Redirects and Forwards
Description
The web application uses few methods to redirect and forward users to other pages for an intended purpose.
If there is no proper validation while redirecting to other pages, attackers can make use of this and can redirect victims to phishing or
malware sites, or use forwards to access unauthorized pages.
Implication
 An attacker can send a URL to the user that contains a genuine URL appended with encoded malicious URL. A user by just
seeing the genuine part of the attacker sent URL can browse it and may become a victim.
Examples
1.http://www.vulnerablesite.com/login.aspx?redirectURL=ownsite.com
Modified to
http://www.vulnerablesite.com/login.aspx?redirectURL=evilsite.com
Recommendations
1. Simply avoid using redirects and forwards in the application. If used, do not involve using user parameters in calculating the
destination.
2. If the destination parameters can't be avoided, ensure that the supplied value is valid, and authorized for the user.
This article is contributed by Prasanthi Eati

Top 30 Bug Bounty Programs in 2021

Below is a curated list of Bounty Programs by reputable companies
1) Intel
Intel's bounty program mainly targets the company's hardware, firmware, and software.
Limitations: It does not include recent acquisitions, the company's web infrastructure, third-party products, or anything relating to
McAfee.
Minimum Payout: Intel offers a minimum amount of $500 for finding bugs in their system.
Maximum Payout: The Company pays $30,000 maximum for detecting critical bugs.
Bounty Link: https://security-center.intel.com/BugBountyProgram.aspx
2) Yahoo
Yahoo has its dedicated team that accepts vulnerability reports from security researchers and ethical hackers.
Limitations: The Company does not offer any reward for finding bugs in yahoo.net, Yahoo 7 Yahoo Japan, Onwander and Yahoo
operated Word press blogs.
Minimum Payout: There is no set limit on Yahoo for minimum payout.
Maximum Payout: Yahoo can pay $15000 for detecting important bugs in their system.
Bounty Link:https://safety.yahoo.com/Security/REPORTING-ISSUES.html
3) Snapchat
Snapchat security team reviews all vulnerability reports and acts upon them by responsible disclosure. The company, we will
acknowledge your submission within 30 days.
Minimum Payout: Snapchat will pay minimum $2000.
Maximum Payout: Maximum they will pay is $15,000.
Bounty Link:https://support.snapchat.com/en-US/i-need-help
4) Cisco
Cisco encourages individuals or organization that are experiencing a product security issue to report them to the company.
Minimum Payout: Cisco's minimum payout amount is $100.
Maximum Payout: Company will give maximum $2,500 to finding serious vulnerabilities.
Bounty Link: https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html
5) Dropbox
Dropbox bounty program allows security researchers to report bugs and vulnerabilities on the third party service HackerOne.
Minimum Payout: The minimum amount paid is $12,167.
Maximum Payout: The maximum amount offered is $32,768.
Bounty Link: https://help.dropbox.com/accounts-billing/security/how-security-works
6) Apple
When Apple first launched its bug bounty program it allowed just 24 security researchers. The framework then expanded to include
more bug bounty hunters.
The company will pay $100,000 to those who can extract data protected by Apple's Secure Enclave technology.
Minimum Payout: There is no limited amount fixed by Apple Inc.
Maximum payout: The highest bounty given by Apple is $200,000 for security issues affecting its firmware.
Bounty Link: https://support.apple.com/en-au/HT201220
7) Facebook
Under Facebook's bug bounty program users can report a security issue on Facebook, Instagram, Atlas, WhatsApp, etc.
Limitations: There are a few security issues that the social networking platform considers out-of-bounds.
Minimum Payout: Facebook will pay a minimum of $500 for a disclosed vulnerability.
Maximum Payout: There is no upper limit fixed by Facebook for the Payout.
Bounty Link: https://www.facebook.com/whitehat/
8) Google
Every content in the .google.com, .blogger, youtube.com are open for Google's vulnerability rewards program.
Limitations: This bounty program only covers design and implementation issues.
Minimum Payout: Google will pay minimum $300 for finding security threads.
Maximum Payout: Google will pay the highest bounty of $31.337 for normal Google applications.
Bounty Link: https://www.google.com/about/appsecurity/reward-program/
9) Quora
Quora offers Bug Bounty program to all users and researchers to find and report security vulnerabilities.
Minimum Payout: Quora will pay minimum $100 for finding vulnerabilities on their site.
Maximum Payout: Maximum payout offered by this site is $7000.
Bounty Link: https://engineering.quora.com/Security-Bug-Bounty-Program
10) Mozilla
Mozilla rewards for vulnerability discoveries by ethical hackers and security researchers.
Limitations: The bounty is offered only for bugs in Mozilla services, such as Firefox, Thunderbird and other related applications and
services.
Minimum Payout: Minium amount given by Firefox is $500.
Maximum Payout: The Company is paying a maximum of $5000.
Bounty Link: https://www.mozilla.org/en-US/security/bug-bounty/
11) Microsoft
Microsoft's current bug bounty program was officially launched on 23rd September 2014 and deals only with Online Services.
Limitations: The bounty reward is only given for the critical and important vulnerabilities.
Minimum Payout: Microsoft ready to pay $15,000 for finding critical bugs.
Maximum Payout: Maximum amount can be $250,000.
Bounty Link: https://technet.microsoft.com/en-us/library/dn425036.aspx
12) OpenSSL
OpenSSL bounty allows you to report vulnerabilities using secure email (PGP Key). You can also report vulnerabilities to the
OpenSSL Management Committee.
Minimum Payout: The Company pays minimum bounty rewards of $500.
Maximum Payout: The highest amount given by the company is $5000.
Bounty Link: https://www.openssl.org/news/vulnerabilities.html
13) Vimeo
Vimeo welcomes any security vulnerability reporting in their products as the company pays good rewards to that person.
Minimum payout: The Company will pay minimum $500
Maximum Payout: The maximum amount paid by this company is $5000.
Bounty Link: https://vimeo.com/about/security
14) Apache
Apache encourages ethical hackers to report security vulnerabilities to one of their private security mailing lists.
Minimum payout: The minimum pay out amount given by Apache is $500.
Maximum Payout: This Company can maximum give a reward of $3000.
Bounty Link: https://www.apache.org/security/
15) Twitter
Twitter allows security researchers and experts about possible security vulnerabilities in their services. The company encourages
people to find bugs.
Minimum Payout: Twitter is paying minimum $140 amount.
Maximum Payout: Maximum amount pay by the company is $15000.
Bounty Link: https://support.twitter.com/articles/477159
16) Avast
Avast bounty program rewards ethical hackers and security researchers to report Remote code execution, Local privilege escalation,
DOS, scanner bypass amongst other issues.
Minimum Payout: Avast can pay you the minimum amount of $400.
Maximum Payout: The maximum amount offered by the company is $10,000.
Bounty Link: https://www.avast.com/bug-bounty
17) Paypal
Payment gateway service Paypal also offers bug bounty programs for security researchers.
Limitations:
Vulnerabilities dependent upon social engineering techniques, Host Header
Denial of service (DOS), User defined payload, Content spoofing without embedded links/HTM and Vulnerabilities which require a
jailbroken mobile device, etc.
Minimum Payout: Paypal can pay minimum $50 for finding security vulnerabilities in their system.
Maximum Payout: Maximum payout amount given by Paypal is $10000.
Bounty Link: https://hackerone.com/paypal
18) GitHub
GitHub's runs bug bounty program since 2013. Every successful participant earned points for their vulnerability submissions
depending on the severity.
Limitation: The security researcher will receive that bounty only if they respect users' data and don't exploit any issue to produce an
attack that could harm the integrity of GitHub's services or information.
Minimum Payout: Github pays a minimum amount of $200 for finding bugs.
Maximum Payout: Github can pay $10000 for finding critical bugs.
Bounty Link: https://bounty.github.com/
19) Uber
The vulnerability rewards program of Uber primarily focused on protecting the data of users and its employees.
Minimum Payout: There is no predetermined minimum amount.
Maximum Payout: Uber will pay you $10,000 for finding critical bug issues.
Bounty Link: https://eng.uber.com/bug-bounty-map/
20) Magento
Magneto bounty program allows you to report security vulnerabilities in Magneto software or websites.
Limitations:
Following security research is not eligible for the bounty
 Potential or actual denial of service of Magento applications and systems.
  Use of an exploit to view data without authorization.
 Automated/scripted testing of web forms
Minimum Payout: Minimum payout amount for this is bounty program is $100.
Maximum Payout: Magento is paying maximum $10,000 for finding critical bugs.
Bounty Link: https://magento.com/security
21) Perl
Perl is also running bug bounty programs. If someone found a security vulnerability in Perl, they can contact the company.
Minimum Payout: The Company pays a minimum amount of $500.
Maximum Payout: The highest amount given by Perl is $1500.
Bounty Link: http://perldoc.perl.org/perlsec.html#SECURITY-VULNERABILITY-CONTACT-INFORMATION
22) PHP
PHP allows ethical hackers to find a bug in their site.
Limitations: You need to check the list of already finding bugs. If you not follow this instruction your bug is not considered.
Maximum Payout: Minimum Payout amount is $500.
Minimum Payout: Maximum $1500 is given by PHP for searching important bugs.
Bounty Link: https://bugs.php.net/report.php?bug_type=Security
23) Starbucks
Starbucks runs bug Bounty program to protect their customers. They encourage to find malicious activity in their networks, web and
mobile applications policies.
Minimum Payout: The minimum amount paid by Starbucks $100.
Maximum Payout: The maximum amount goes up to $4000.
Bounty Link: https://www.starbucks.com/whitehat
24) AT&T
AT&T also has its bug hunting channel. Developers and security experts can research the various platforms like websites, APIs, and
mobile applications.
Minimum Payout: Minimum Amount Paid by them is $500.
Maximum Payout: There is no such upper limit for payout.
Bounty Link: https://bugbounty.att.com/
25) LinkedIn
The LinkedIn welcomes Individual researchers who contribute their expertise and time to find bugs.
The company will reward you, but neither minimum nor maximum amount is a fix for this purpose.
Bounty Link: https://security.linkedin.com/posts/2015/private-bug-bounty-program
26) Paytm
Paytm invites independent security groups or individual researchers to study it across all platforms
Limitations:
 Reports that state that software is out of date/vulnerable without a 'Proof of Concept.'
 XSS issues that affect only outdated browsers.
 Stack traces that disclose information.
 Any fraud issues
Minimum Payout: The Company will pay minimum $15 for finding bugs.
Maximum Payout: This company does not fix the upper limit.
Bounty Link: https://paytm.com/offer/bug-bounty/
27) Shopify
Shopify's Whitehat program rewards security researchers for finding severe security vulnerabilities
Minimum Payout: The minimum amount paid by the Shopify is $500.
Maximum Payout: There is no fix upper limit for paying the bounty.
Bounty Link: https://www.shopify.in/whitehat
28) Word Press
WordPress also welcomes security researchers to report about the bugs that they have found.
Minimum Payout: WordPress Pays $150 minimum for reporting bugs on their site.
Maximum Payout: The Company does not fix a maximum limit to pay as bounty.
Bounty Link: https://make.wordpress.org/core/handbook/testing/reporting-bugs/
29) Zomato
Zomato helps security researcher to identified security-related issues with company's website or apps.
Minimum Payout: Zomato will pay minimum $1000 for finding important bugs.
Maximum Payout: There is no maximum fix amount.
Bounty Link: https://www.zomato.com/security
30) Tor Project
Tor Project's bug bounty program covers two of its core services: its network daemon and browser.
Limitation: OpenSSL applications are excluded from this scope.
Minimum Payout: The minimum amount paid by them is $100.
Maximum Payout: The Company will pay you maximum $4000.
(No link available) Bounty Link: security@lists.torproject.org
31) Hackerone
HackerOne is one of the biggest vulnerability coordination and bug bounty platform. It helps companies to protect their consumer data
by working with the global research community for finding most relevant security issues. Many known companies like Yahoo,
Shopify, PHP, Google, Snapchat, and Wink are taking the service of this website to give a reward to security researchers and ethical
hackers.
Bounty Link: https://hackerone.com/bug-bounty-programs
32) Bugcrowd
A powerful platform connecting the global security researcher community to the security market. This site aims to provide right mix
and type of researcher suited according to the specific website to their worldwide clients. The hackers just need to select their reports
on this site, and if they can detect right bugs, the specific company will pay the amount to that person.
Bounty Link: https://www.bugcrowd.com/bug-bounty-list/

Kali Linux Tutorial: What is, Install, Utilize Metasploit and Nmap
What is Kali Linux?
KALI LINUX is a security distribution of Linux derived from Debian and specifically designed for computer forensics and advanced
penetration testing. It was developed through rewriting of BackTrack by Mati Aharoni and Devon Kearns of Offensive Security. Kali
Linux contains several hundred tools that are well-designed towards various information security tasks, such as penetration testing,
security research, computer forensics and reverse engineering.
BackTrack was their previous information security Operating System. The first iteration of Kali Linux was Kali 1.0.0 was introduced
in March 2013. Offensive Security currently funds and supports Kalin Linux. If you were to visit Kali's website today (www.kali.org),
you would see a large banner stating, "Our Most Advanced Penetration Testing Distribution, Ever." A very bold statement that
ironically has yet to be disproven.
Kali Linux has over 600 preinstalled penetration-testing applications to discover. Each program with its unique flexibility and use
case. Kali Linux does excellent job separating these useful utilities into the following categories:

What is JVM (Java Virtual Machine) with Architecture JAVA Programming Tutorial

1. Information Gathering
2. Vulnerability Analysis
3. Wireless Attacks
4. Web Applications
5. Exploitation Tools
6. Stress Testing
7. Forensics Tools
8. Sniffing & Spoofing
9. Password Attacks
10. Maintaining Access
 11. Reverse Engineering
12. Reporting Tools
13. Hardware Hacking
In this beginners tutorial, you will learn:
 What is Kali Linux?
 Who uses Kali Linux and Why?
 Kali Linux Installation Methods
 Install Kali Linux using Virtual Box
 Getting Started with Kali Linux GUI
 What is Nmap?
o Nmap Target Selection
 How to Perform a Basic Nmap Scan on Kali Linux
o Nmap OS Scan
 What is Metasploit?
o Metasploit and Nmap
o Metasploit Exploit Utility
Who uses Kali Linux and Why?
Kali Linux is truly a unique operating system, as its one of the few platforms openly used by both good guys and bad guys. Security
Administrators, and Black Hat Hackers both use this operating system extensively. One to detect and prevent security breaches, and
the other to identify and possibly exploit security breaches. The number of tools configured and preinstalled on the operating system,
make Kali Linux the Swiss Army knife in any security professionals toolbox.
Professionals that use Kali Linux
1. Security Administrators – Security Administrators are responsible for safeguarding their institution's information and data.
They use Kali Linux to review their environment(s) and ensure there are no easily discoverable vulnerabilities.
2. Network Administrators – Network Administrators are responsible for maintaining an efficient and secure network. They use
Kali Linux to audit their network. For example, Kali Linux has the ability to detect rogue access points.
3. Network Architects – Network Architects, are responsible for designing secure network environments. They utilize Kali
Linux to audit their initial designs and ensure nothing was overlooked or misconfigured.
4. Pen Testers – Pen Testers, utilize Kali Linux to audit environments and perform reconnaissance on corporate environments
which they have been hired to review.
5. CISO – CISO or Chief Information Security Officers, use Kali Linux to internally audit their environment and discover if any
new applications or rouge configurations have been put in place.
6. Forensic Engineers – Kali Linux posses a "Forensic Mode", which allows a Forensic Engineer to perform data discovery and
recovery in some instances.
7. White Hat Hackers – White Hat Hackers, similar to Pen Testers use Kali Linux to audit and discover vulnerabilities which
may be present in an environment.
8. Black Hat Hackers – Black Hat Hackers, utilize Kali Linux to discover and exploit vulnerabilities. Kali Linux also has
numerous social engineer applications, which can be utilized by a Black Hat Hacker to compromise an organization or
individual.
9. Grey Hat Hackers – Grey Hat Hackers, lie in between White Hat and Black Hat Hackers. They will utilize Kali Linux in the
same methods as the two listed above.
10. Computer Enthusiast – Computer Enthusiast is a pretty generic term, but anyone interested in learning more about
networking or computers, in general, can use Kali Linux to learn more about Information Technology, networking, and
common vulnerabilities.
Kali Linux Installation Methods
Kali Linux can be installed using the following methods:
Ways to Run Kali Linux:
1. Directly on a PC, Laptop – Utilizing a Kali ISO image, Kali Linux can be installed directly onto a PC or Laptop. This method
is best if you have a spare PC and are familiar with Kali Linux. Also, if you plan or doing any access point testing, installing
Kali Linux directly onto Wi-Fi enabled laptop is recommended.
 2. Virtualized (VMware, Hyper-V, Oracle VirtualBox, Citrix) – Kali Linux supports most known hypervisors and can be easily
into the most popular ones. Pre-configured images are available for download from https://www.kali.org/, or an ISO can be
used to install the operating system into the preferred hypervisor manually.
3. Cloud (Amazon AWS, Microsoft Azure) – Given the popularity of Kali Linux, both AWS and Azure provide images for Kali
Linux.

4. USB Boot Disc – Utilizing Kali Linux's ISO, a boot disc can be created to either run Kali Linux on a machine without
actually installing it or for Forensic purposes.
5. Windows 10 (App) – Kali Linux can now natively run on Windows 10, via the Command Line. Not all features work yet as
this is still in beta mode.

6. Mac (Dual or Single boot) – Kali Linux can be installed on Mac, as a secondary operating system or as the primary. Parallels
or Mac's boot functionality can be utilized to configure this setup.
Install Kali Linux using Virtual Box
The easiest method and arguably the most widely used is installing Kali Linux and running it from Oracle's VirtualBox.
This method allows you to continue to use your existing hardware while experimenting with the featured enriched Kali Linux in a
completely isolated environment. Best of all everything is free. Both Kali Linux and Oracle VirtualBox are free to use. This tutorial
assumes you have already installed Oracle's VirtualBox on your system and have enabled 64-bit Virtualization via the Bios.
Step 1) Go to https://www.kali.org/downloads/
This will download an OVA image, which can be imported into VirtualBox
Step 2) Open the Oracle VirtualBox Application, and from the File, Menu select Import Appliance
File Menu -> Import Appliance

Step 3) On the following screen "Appliance to Import" Browse to the location of the downloaded OVA file and click Open
Step 4) Once you click Open, you will be taken back to the "Appliance to Import" simply click Next
Step 5) The following screen "Appliance Settings" displays a summary of the systems settings, leaving the default settings is fine. As
shown in the screenshot below, make a note of where the Virtual Machine is located and then click Import.
Step 6) VirtualBox will now Import the Kali Linux OVA appliance. This process could take anywhere from 5 to 10 minutes to
complete.
Step 7) Congratulations, Kali Linux has been successfully installed on VirtualBox. You should now see the Kali Linux VM in the
VirtualBox Console. Next, we'll take a look at Kali Linux and some initial steps to perform.
Step 8) Click on the Kali Linux VM within the VirtualBox Dashboard and click Start, this will boot up the Kali Linux Operating
System.
Step 9) On the login screen, enter "Root" as the username and click Next.
Step 10) As mentioned earlier, enter "toor" as the password and click SignIn.
You will now be present with the Kali Linux GUI Desktop. Congratulations you have successfully logged into Kali Linux.

Getting Started with Kali Linux GUI

The Kali Desktop has a few tabs you should initially make a note of and become familiar with. Applications Tab, Places Tab, and
the Kali Linux Dock.
Applications Tab – Provides a Graphical Dropdown List of all the applications and tools pre-installed on Kali Linux. Reviewing
the Applications Tab is a great way to become familiar with the featured enriched Kali Linux Operating System. Two applications
we'll discuss in this tutorial are Nmap and Metasploit. The applications are placed into different categories which makes searching for
an application much easier.
Accessing Applications
Step 1) Click on Applications Tab
Step 2) Browse to the particular category you're interested in exploring
Step 3) Click on the Application you would like to start.
Places Tab – Similar to any other GUI Operating System, such as Windows or Mac, easy access to your Folders, Pictures and My
Documents is an essential component. Places on Kali Linux provides that accessibility that is vital to any Operating System. By
default, the Places menu has the following tabs, Home, Desktop, Documents, Downloads, Music, Pictures, Videos, Computer and
Browse Network.
Accessing Places
Step 1) Click on the Places Tab
Step 2) Select the location you would like to access.
Kali Linux Dock – Similar to Apple Mac's Dock or Microsoft Windows Task Bar, the Kali Linux Dock provides quick access to
frequently used / favorite applications. Applications can be added or removed easily.
To Remove an Item from the Dock
Step 1) Right-Click on the Dock Item
Step 2) Select Remove From Favorites

To Add Item to Dock

Adding an item to the Dock is very similar to removing an item from the Dock
Step 1) Click on the Show Applications button at the bottom of the Dock
Step 2) Right Click on Application
Step 3) Select Add to Favorites
Once completed the item will be displayed within the Dock
Kali Linux has many other unique features, which makes this Operating System the primary choice by Security Engineers and
Hackers alike. Unfortunately, covering them all is not possible within this tutorial; however, you should feel free to explore the
different buttons displayed on the desktop.
What is Nmap?
Network Mapper, better known as Nmap for short is a free, open-source utility used for network discovery and vulnerability scanning.
Security professionals use Nmap to discover devices running in their environments. Nmap also can reveal the services, and ports each
host is serving, exposing a potential security risk. At the most basic level, consider Nmap, ping on steroids. The more advanced your
technical skills evolve the more usefulness you'll find from Nmap
Nmap offers the flexibility to monitor a single host or a vast network consisting of hundreds if not thousands of devices and subnets.
The flexibility Nmap offers has evolved over the years, but at its core, it's a port-scanning tool, which gathers information by sending
raw packets to a host system. Nmap then listens for responses and determines if a port is open, closed or filtered.
The first scan you should be familiar with is the basic Nmap scan that scans the first 1000 TCP ports. If it discovers a port listening it
will display the port as open, closed, or filtered. Filtered meaning a firewall is most likely in place modifying the traffic on that
particular port. Below is a list of Nmap commands which can be used to run the default scan.
Nmap Target Selection

Scan a single IP nmap 192.168.1.1

Scan a host nmap www.testnetwork.com

Scan a range of IPs nmap 192.168.1.1-20

Scan a subnet nmap 192.168.1.0/24

Scan targets from a text file nmap -iL list-of-ipaddresses.txt

How to Perform a Basic Nmap Scan on Kali Linux
To run a basic Nmap scan in Kali Linux, follow the steps below. With Nmap as depicted above, you have the ability to scan a single
IP, a DNS name, a range of IP addresses, Subnets, and even scan from text files. For this example, we will scan the localhost IP
address.
Step 1) From the Dock menu, click on the second tab which is the Terminal
Step 2) The Terminal window should open, enter the command ifconfig, this command will return the local IP address of your Kali
Linux system. In this example, the local IP address is 10.0.2.15
Step 3) Make a note of the local IP Address
Step 4) In the same terminal window, enter nmap 10.0.2.15, this will scan the first 1000 ports on the localhost. Considering this is the
base install no ports should be open.
Step 5) Review results

By default, nmap only scans the first 1000 ports. If you needed to scan the complete 65535 ports, you would simply modify the above
command to include -p-.
Nmap 10.0.2.15 -p-
Nmap OS Scan
Another basic but useful feature of nmap is the ability to detect the OS of the host system. Kali Linux by default is secure, so for this
example, the host system, which Oracle's VirtualBox is installed on, will be used as an example. The host system is a Windows 10
Surface. The host system's IP address is 10.28.2.26.
In the Terminal window enter the following nmap command:
nmap 10.28.2.26 – A
Review results
Adding -A tells nmap to not only perform a port scan but also try to detect the Operating System.
Nmap is a vital utility in any Security Professional toolbox. Use the command nmap -h to explore more options and commands on
Nmap.
What is Metasploit?
The Metasploit Framework is an open source project that provides a public resource for researching vulnerabilities and developing
code that allows security professionals the ability to infiltrate their own network and identify security risk and vulnerabilities.
Metasploit was recently purchased by Rapid 7 (https://www.metasploit.com). However, the community edition of Metasploit is still
available on Kali Linux. Metasploit is by far the world's most used Penetration utility.
It is important that you are careful when using Metasploit because scanning a network or environment that is not yours could be
considered illegal in some instances. In this tutorial, we'll show you how to start Metasploit and run a basic scan on Kali Linux.
Metasploit is considered an advance utility and will require some time to become adept, but once familiar with the application it will
be an invaluable resource.
Metasploit and Nmap
Within Metasploit, we can actually utilize Nmap. In this case, you'll learn how to scan your local VirtualBox subnet from Metasploit
using the Nmap utility we just learned about.
Step 1) On the Applications Tab, scroll down to 08-Exploitation Tools and then select Metasploit
Step 2) A terminal box will open, with MSF in the dialog, this is Metasploit
Step 3) Enter the following command
db_nmap -V -sV 10.0.2.15/24
(be sure to replace 10.0.2.15 with your local IP address)
Here:
db_ stands for database
-V Stands for verbose mode
-sV stands for service version detection
Metasploit Exploit Utility
Metasploit very robust with its features and flexibility. One common use for Metasploit is the Exploitation of Vulnerabilities. Below
we'll go through the steps of reviewing some exploits and trying to exploit a Windows 7 Machine.
Step 1) Assuming Metasploit is still open enter Hosts -R in the terminal window. This adds the hosts recently discovered to
Metasploit database.
Step 2) Enter "show exploits", this command will provide a comprehensive look at all the exploits available to Metasploit.

Step 3) Now, try to narrow down the list with this command: search name: Windows 7, this command searches the exploits which
specifically include windows 7, for the purpose of this example we will try to exploit a Windows 7 Machine. Depending on your
environment, you will have to change the search parameters to meet your criteria. For example, if you have Mac or another Linux
machine, you will have to change the search parameter to match that machine type.
Step 4) For the purposes of this tutorial we will use an Apple Itunes vulnerability discovered in the list. To utilize the exploit, we
must enter the complete path which is displayed in the list: use exploit/windows/browse/apple_itunes_playlist

Step 5) If the exploit is successful the command prompt will change to display the exploit name followed by > as depicted in the
below screenshot.
Step 6) Enter show options to review what options are available to the exploit. Each exploit will, of course, have different options.
Summary
In sum, Kali Linux is an amazing operating system that is widely used by various professionals from Security Administrators, to Black
Hat Hackers. Given its robust utilities, stability, and ease of use, it's an operating system everyone in the IT industry and computer
enthusiast should be familiar with. Utilizing just the two applications discussed in this tutorial will significantly aid a firm in securing
their Information Technology infrastructure. Both Nmap and Metasploit are available on other platforms, but their ease of use and pre-
installed configuration on Kali Linux makes Kali the operating system of choice when evaluating and testing the security of a
network. As stated previously, be careful using the Kali Linux, as it should only be used in network environments which you control
and or have permission to test. As some utilities, may actually cause damage or loss of data.

13 BEST Operating System for Hacking in 2021

Ethical hacking is identifying weaknesses in computer systems or networks to exploit its vulnerabilities so they can be fixed later.
Hackers use various techniques to identify threats and thereby increase the security of the device. These people can utilize Linux
based operating system to hack PC or network. It contains a wide range of applications to prevent cybersecurity attacks.
Following is a handpicked list of Top OS for Hacking with their popular features and download links.
1) Kali Linux    
Kali Linux is a Security Distribution of Linux specifically designed for digital forensics and penetration testing. It has over 600
preinstalled penetration-testing applications (cyber-attack performs against computer vulnerability). This OS can be run on Windows
as well as Mac OS.

Features:
 It can be used for penetration testing.
 This platform is available in 32 bits as well as 64 bits.
 Kali Linux can be updated without the need to download a new version.
 This OS can encrypt the full disk.
 You can easily automate and customize the Kali Linux installation on the network.
 Support for USB live installs.
 It has a forensics mode that can be used for forensic work.
Link: https://www.kali.org/

2) Parrot OS
Parrot OS is a platform for hacking. It has an easy to use editor for software development. This platform enables you to surf the web
privately and securely. Hackers can use Parrot OS to perform vulnerability assessment, penetration testing, computer forensics, and
more.
Features:
 It is available as lightweight software that runs with limited resources.
 You can read and change the source code the way you like.
 Provides support of experts to help you in cybersecurity.
 It has distributed infrastructure with dedicated CDNs (Content Distribution Network).
 You can share this operating system with others.
Link: https://parrotlinux.org/

3) BackBox    
BackBox is an Ubuntu based open-source Operating System that offers a penetration test and security assessment facility. This system
also provides a network analysis toolkit for security in the IT environment. It contains a toolkit that is needed for ethical hacking.

Features:
 It helps you with computer forensic analysis, vulnerability assessment, etc.
 Design with accuracy to avoid redundancies.
 It consumes the minimum resource of your system.
 Provides easy to use the desktop environment.
 Enables you to simulate an attack on application or network.
 It offers stability and speed.
Link: https://www.backbox.org/

4) BlackArch    
BlackArch is a free Linux based platform that contains a wide range of tools for automation, mobile, networking, etc. It is an open-
source Operating System that is specially created for security researchers and penetration testers. You can install it individually or in a
group.

Features:
 It offers live ISO (International Organization for Standardization) with multiple window managers.
 This operating system can be run using limited resources.
 Supports more than one architecture.
 The installer can be built from the source.
Link: https://blackarch.org/

5) Fedora Security Lab

Fedora Security environment enables you to work on security auditing, forensics, and hacking. It comes with a clean and fast desktop
environment. This OS contains essential networking tools like Wireshark, Medusa, Sqlninja, Yersinia, and more. Fedora Security
environment makes pen-testing and security testing simple.
Features:
 It has a customized menu that offers all the instructions needed to follow the right test path.
 This tool can make Live USB creator (a full operating system that can be booted)
 You can save your test result permanently.
 It creates a live image to make it possible to install software while running.
Link: https://labs.fedoraproject.org/en/security/

6) Dracos Linux    
Dracos Linux is an open-source OS that offers penetration testing. It is packed with a wide range of tools, like forensics, information
gathering, malware analysis, and more.

Features:
 Everyone can use this platform to study, modify, and redistribute.
 Dracos Linux is a fast OS to perform malware analysis.
 This OS does not collect your sensitive personal data.
 It makes it easy for ethical hackers to perform security research.
Link: https://www.dracos-linux.org/

7) Bugtraq    
Bugtraq is an OS that contains a wide range of pen-testing tools, including malware testing tools, mobile forensic tools, etc. It is easy
to use services and products. This environment provides friendly service with innovations. Bugtraq helps hackers to monitor the
system in real time.

Features:
 The Bugtraq system offers the most comprehensive, optimal.
 It is based on 3.2, and 3.4 kernels
 Anyone can use this platform with ease.
 Install this platform from a USB drive or live DVD.
 Supports numerous languages.
 Available in both 32 bit and 64 bits.
Link: http://www.bugtraq-apps.com/

8) CAINE
CAINE is an Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This operating system
can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM.
Features:
 It is an open-source project.
 CAINE blocks all the devices in read-only mode.
 You can integrate this OS into existing software.
 An environment supports the digital investigator during the digital investigation.
 You can customize features of CAINE.
 It offers a user-friendly operating system.
Link: https://www.caine-live.net/

9) Samurai Web Testing Framework    

Samurai Web Testing Framework is a virtual machine that is supported on VMWare (cloud computing software) VirtualBox
(virtualization product). This live Linux environment is configured to perform web pen-testing. It contains various tools for attacking
websites.

Features:
 It is an open-source project
 Samurai Web Testing Framework focuses on attacking websites.
 It is pre-configured for a web pen-testing environment.
 Features that can be used for focusing on attacking the website.
 It contains tools like WebScarab (web security application testing tool) and ratproxy (Web proxy server) tool.
Link: http://www.samurai-wtf.org/

10) Network Security Toolkit (NST)

Network Security Toolkit (NST) is a Linux-based Live USB/DVD flash drive. It offers free and open-source network and computer
security tools that can be used for hacking. This distribution is used by hackers to perform routine security and network traffic
monitoring task.

Features:
 You can easily access open-source network security applications.
 It has easy to use WUI (Web User Interface).
 Network Security Toolkit can be used as a network security analysis validation.
 It contains monitoring on a virtual server having virtual machines.
Link: https://www.networksecuritytoolkit.org/nst/index.html

11) DEFT Linux

DEFT Linux or Digital Evidence & Forensics Toolkit Linux OS designed for hacking and computer forensic. This platform can be
used on a live system without corrupting devices. It contains tools for incident response and computer forensic. These tools can be
used by IT auditors, hackers, investigators, etc.
Features:
 It has a hardware detection facility.
 This environment has open-source applications for investigation.
 It gives two selection of major view packages and all tracked packages.
Link: https://distrowatch.com/

12) DemonLinux    

DemonLinux is a Linux distribution that is used for hacking. It has a lightweight desktop environment. This platform comes with a
dark theme and a user-friendly user interface. DemonLinux helps you to search or open anything by pressing just one key.
Features:
 You can instantly search the needed things by pressing the Windows key.
 It has a simple dock design (a bar located at the bottom of the OS).
 Works with Firefox and Google Chrome.
 Easily record desktop or take a screenshot using a quick access menu to save time.
Link: https://www.demonlinux.com/

13) ArchStrike    
ArchStrike is an OS that can be used for security professionals and researchers. It follows Arch Linux OS standards to maintain
packages properly. This environment can be used for pen testing and security layer. You can easily install or remove it without any
problem.

Features:
 It gives two selection of major view packages and all tracked packages.
 This environment includes open source applications for investigation.
 It has a hardware detection facility.
Link: https://archstrike.org/

Top 25 Ethical Hacking Interview Questions and Answers

We have prepared the most important Ethical Hacking interview questions to help you prepare for the job interview. This detailed
guide of interview questions for Ethical Hacking will help you to crack your Job interview. In this list of Ethical Hacker interview
questions, we have covered all commonly asked basic and advanced hacking interview questions.
 Download Ethical hacking questions with answers PDF
1) Explain what is Ethical Hacking?
Ethical Hacking is when a person is allowed to hacks the system with the permission of the product owner to find weakness in a
system and later fix them.
2) What is the difference between IP address and Mac address?
IP address: To every device IP address is assigned, so that device can be located on the network. In other words IP address is like
your postal address, where anyone who knows your postal address can send you a letter.
MAC (Machine Access Control) address: A MAC address is a unique serial number assigned to every network interface on every
device. Mac address is like your physical mail box, only your postal carrier (network router) can identify it and you can change it by
getting a new mailbox (network card) at any time and slapping your name (IP address) on it.
3) List out some of the common tools used by Ethical hackers?

 Meta Sploit
 Wire Shark
 NMAP
 John The Ripper
 Maltego
4) What are the types of ethical hackers?
The types of ethical hackers are
 Grey Box hackers or Cyberwarrior
 Black Box penetration Testers
 White Box penetration Testers
 Certified Ethical hacker
5) What is footprinting in ethical hacking? What is the techniques used for footprinting?
Footprinting refers accumulating and uncovering as much as information about the target network before gaining access into any
network. The approach adopted by hackers before hacking
 Open Source Footprinting : It will look for the contact information of administrators that will be used in guessing the
password in Social engineering
 Network Enumeration : The hacker tries to identify the domain names and the network blocks of the target network
 Scanning : Once the network is known, the second step is to spy the active IP addresses on the network. For identifying
active IP addresses (ICMP) Internet Control Message Protocol is an active IP addresses
 Stack Fingerprinting : Once the hosts and port have been mapped by scanning the network, the final footprinting step can be
performed. This is called Stack fingerprinting.

6) Explain what is Brute Force Hack?

Brute force hack is a technique for hacking password and get access to system and network resources, it takes much time, it needs a
hacker to learn about JavaScripts. For this purpose, one can use tool name “Hydra”.
7) Explain what is DOS (Denial of service) attack? What are the common forms of DOS attack?
Denial of Service, is a malicious attack on network that is done by flooding the network with useless traffic. Although, DOS does not
cause any theft of information or security breach, it can cost the website owner a great deal of money and time.
 Buffer Overflow Attacks
 SYN Attack
 Teardrop Attack
 Smurf Attack
 Viruses
8) Explain what is SQL injection?
SQL is one of the technique used to steal data from organizations, it is a fault created in the application code. SQL injection happens
when you inject the content into a SQL query string and the result mode content into a SQL query string, and the result modifies the
syntax of your query in ways you did not intend.
9) What are the types of computer based social engineering attacks? Explain what is Phishing?
Computer based social engineering attacks are
 Phishing
 Baiting
 On-line scams
Phishing technique involves sending false e-mails, chats or website to impersonate real system with aim of stealing information from
original website.
10) Explain what is Network Sniffing?
A network sniffer monitors data flowing over computer network links. By allowing you to capture and view the packet level data on
your network, sniffer tool can help you to locate network problems. Sniffers can be used for both stealing information off a network
and also for legitimate network management.
11) Explain what is ARP Spoofing or ARP poisoning?
ARP (Address Resolution Protocol) is a form of attack in which an attacker changes MAC ( Media Access Control) address and
attacks an internet LAN by changing the target computer’s ARP cache with a forged ARP request and reply packets.
12) How you can avoid or prevent ARP poisoning?
ARP poisoning can be prevented by following methods
 Packet Filtering : Packet filters are capable for filtering out and blocking packets with conflicting source address information
 Avoid trust relationship : Organization should develop protocol that rely on trust relationship as little as possible
 Use ARP spoofing detection software : There are programs that inspects and certifies data before it is transmitted and blocks
data that is spoofed
 Use cryptographic network protocols : By using secure communications protocols like TLS, SSH, HTTP secure prevents
ARP spoofing attack by encrypting data prior to transmission and authenticating data when it is received
13) What is Mac Flooding?
Mac Flooding is a technique where the security of given network switch is compromised. In Mac flooding the hacker or attacker
floods the switch with large number of frames, then what a switch can handle. This make switch behaving as a hub and transmits all
packets at all the ports. Taking the advantage of this the attacker will try to send his packet inside the network to steal the sensitive
information.
14) Explain what is DHCP Rogue Server?
A Rogue DHCP server is DHCP server on a network which is not under the control of administration of network staff. Rogue DHCP
Server can be a router or modem. It will offer users IP addresses , default gateway, WINS servers as soon as user’s logged in. Rogue
server can sniff into all the traffic sent by client to all other networks.
15) Explain what is Cross-site scripting and what are the types of Cross site scripting?
Cross site scripting is done by using the known vulnerabilities like web based applications, their servers or plug-ins users rely upon.
Exploiting one of these by inserting malicious coding into a link which appears to be a trustworthy source. When users click on this
link the malicious code will run as a part of the client’s web request and execute on the user’s computer, allowing attacker to steal
information.
There are three types of Cross-site scripting
 Non-persistent
 Persistent
 Server side versus DOM based vulnerabilities
16) Explain what is Burp Suite, what are the tools it consist of?
Burp suite is an integrated platform used for attacking web applications. It consists of all the Burp tools required for attacking an
application. Burp Suite tool has same approach for attacking web applications like framework for handling HTTP request, upstream
proxies, alerting, logging and so on.
The tools that Burp Suite has
 Proxy
 Spider
 Scanner
  Intruder
 Repeater
 Decoder
 Comparer
 Sequencer
17) Explain what is Pharming and Defacement?
 Pharming: In this technique the attacker compromises the DNS ( Domain Name System) servers or on the user computer so
that traffic is directed to a malicious site
 Defacement: In this technique the attacker replaces the organization website with a different page. It contains the hackers
name, images and may even include messages and background music
18) Explain how you can stop your website getting hacked?
By adapting following method you can stop your website from getting hacked
 Sanitizing and Validating users parameters: By Sanitizing and Validating user parameters before submitting them to
the database can reduce the chances of being attacked by SQL injection
 Using Firewall: Firewall can be used to drop traffic from suspicious IP address if attack is a simple DOS
 Encrypting the Cookies: Cookie or Session poisoning can be prevented by encrypting the content of the cookies, associating
cookies with the client IP address and timing out the cookies after some time
 Validating and Verifying user input : This approach is ready to prevent form tempering by verifying and validating the
user input before processing it
 Validating and Sanitizing headers : This techniques is useful against cross site scripting or XSS, this technique includes
validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values to reduce XSS attacks
19) Explain what is Keylogger Trojan?
Keylogger Trojan is malicious software that can monitor your keystroke, logging them to a file and sending them off to remote
attackers. When the desired behaviour is observed, it will record the keystroke and captures your login username and password.
20) Explain what is Enumeration?
The process of extracting machine name, user names, network resources, shares and services from a system. Under Intranet
environment enumeration techniques are conducted.
21) Explain what is NTP?
To synchronize clocks of networked computers, NTP (Network Time Protocol) is used. For its primary means of communication UDP
port 123 is used. Over the public internet NTP can maintain time to within 10 milliseconds
22) Explain what is MIB?
MIB ( Management Information Base ) is a virtual database. It contains all the formal description about the network objects that can
be managed using SNMP. The MIB database is hierarchical and in MIB each managed objects is addressed through object identifiers
(OID).
23) Mention what are the types of password cracking techniques?
The types of password cracking technique includes
 AttackBrute Forcing
 AttacksHybrid
 AttackSyllable
 AttackRule
24) Explain what are the types of hacking stages?
The types of hacking stages are
 Gaining AccessEscalating
 PrivilegesExecuting
 ApplicationsHiding
 FilesCovering Tracks
25) Explain what is CSRF (Cross Site Request Forgery)? How you can prevent this?
CSRF or Cross site request forgery is an attack from a malicious website that will send a request to a web application that a user is
already authenticated against from a different website. To prevent CSRF you can append unpredictable challenge token to each
request and associate them with user’s session. It will ensure the developer that the request received is from a valid source.
Top 110 Cyber Security Interview Questions & Answers
Following are frequently asked questions in interviews for freshers as well as experienced cyber security certification candidates.
1) What is cybersecurity?
Cybersecurity refers to the protection of hardware, software, and data from attackers. The primary purpose of cyber security is to
protect against cyberattacks like accessing, changing, or destroying sensitive information.
2) What are the elements of cybersecurity?
Major elements of cybersecurity are:
 Information security
 Network security
 Operational security
 Application security
 End-user education
 Business continuity planning
3) What are the advantages of cyber security?
Benefits of cyber security are as follows:
 It protects the business against ransomware, malware, social engineering, and phishing.
 It protects end-users.
 It gives good protection for both data as well as networks.
 Increase recovery time after a breach.
 Cybersecurity prevents unauthorized users.
4) Define Cryptography.
It is a technique used to protect information from third parties called adversaries. Cryptography allows the sender and recipient of a
message to read its details.

5) Differentiate between IDS and IPS.

Intrusion Detection System (IDS) detects intrusions. The administrator has to be careful while preventing the intrusion. In the
Intrusion Prevention System (IPS), the system finds the intrusion and prevent it.
6) What is CIA?
Confidentiality, Integrity, and Availability (CIA) is a popular model which is designed to develop a security policy. CIA model
consists of three concepts:
 Confidentiality: Ensure the sensitive data is accessed only by an authorized user.
 Integrity: Integrity means the information is in the right format.
 Availability: Ensure the data and resources are available for users who need them.
7) What is a Firewall?
It is a security system designed for the network. A firewall is set on the boundaries of any system or network which monitors and
controls network traffic. Firewalls are mostly used to protect the system or network from malware, worms, and viruses. Firewalls can
also prevent content filtering and remote access.
8) Explain Traceroute
It is a tool that shows the packet path. It lists all the points that the packet passes through. Traceroute is used mostly when the packet
does not reach the destination. Traceroute is used to check where the connection breaks or stops or to identify the failure.

9) Differentiate between HIDS and NIDS.

Parameter HIDS NIDS

Usage HIDS is used to detect the intrusions. NIDS is used for the network.

What does it It monitors suspicious system activities and traffic of a It monitors the traffic of all device on the
do? specific device. network.
10) Explain SSL
SSL stands for Secure Sockets Layer. It is a technology creating encrypted connections between a web server and a web browser. It is
used to protect the information in online transactions and digital payments to maintain data privacy.
11) What do you mean by data leakage?
Data leakage is an unauthorized transfer of data to the outside world. Data leakage occurs via email, optical media, laptops, and USB
keys.
12) Explain the brute force attack. How to prevent it?
It is a trial-and-error method to find out the right password or PIN. Hackers repetitively try all the combinations of credentials. In
many cases, brute force attacks are automated where the software automatically works to login with credentials. There are ways to
prevent Brute Force attacks. They are:
 Setting password length.
 Increase password complexity.
 Set limit on login failures.
13) What is port scanning?
It is the technique for identifying open ports and service available on a specific host. Hackers use port scanning technique to find
information for malicious purposes.
14) Name the different layers of the OSI model.
Seven different layers of OSI models are as follows:
1. Physical Layer
2. Data Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer
15) What is a VPN?
VPN stands for Virtual Private Network. It is a network connection method for creating an encrypted and safe connection. This
method protects data from interference, snooping, censorship.
16) What are black hat hackers?
Black hat hackers are people who have a good knowledge of breaching network security. These hackers can generate malware for
personal financial gain or other malicious reasons. They break into a secure network to modify, steal, or destroy data so that the
network can not be used by authorized network users.
17) What are white hat hackers?
White hat hackers or security specialist are specialized in penetration testing. They protect the information system of an organization.
18) What are grey hat hackers?
Grey hat hackers are computer hacker who sometimes violate ethical standards, but they do not have malicious intent.
19) How to reset a password-protected BIOS configuration?
There are various ways to reset BIOS password. Some of them are as follows:
 Remove CMOS battery.
 By utilizing the software.
 By utilizing a motherboard jumper.
 By utilizing MS-DOS.
20) What is MITM attack?
A MITM or Man-in-the-Middle is a type of attack where an attacker intercepts communication between two persons. The main
intention of MITM is to access confidential information.
21) Define ARP and its working process.
It is a protocol used for finding MAC address associated with IPv4 address. This protocol work as an interface between the OSI
network and OSI link layer.
22) Explain botnet.
It's a number of internet-connected devices like servers, mobile devices, IoT devices, and PCs that are infected and controlled by
malware.
23) What is the main difference between SSL and TLS?
The main difference between these two is that SSL verifies the identity of the sender. SSL helps you to track the person you are
communicating to. TLS offers a secure channel between two clients.
24) What is the abbreviation of CSRF?
CSRF stands for Cross-Site Request Forgery.
25) What is 2FA? How to implement it for a public website?
TFA stands for Two Factor Authentication. It is a security process to identify the person who is accessing an online account. The user
is granted access only after presenting evidence to the authentication device.
26) Explain the difference between asymmetric and symmetric encryption.
Symmetric encryption requires the same key for encryption and decryption. On the other hand, asymmetric encryption needs different
keys for encryption and decryption.
27) What is the full form of XSS?
XSS stands for cross-site scripting.
28) Explain WAF
WAF stands for Web Application Firewall. WAF is used to protect the application by filtering and monitoring incoming and outgoing
traffic between web application and the internet.
29) What is hacking?
Hacking is a process of finding weakness in computer or private networks to exploit its weaknesses and gain access.
For example, using password cracking technique to gain access to a system.
30) Who are hackers?
A Hacker is a person who finds and exploits the weakness in computer systems, smartphones, tablets, or networks to gain access.
Hackers are well experienced computer programmers with knowledge of computer security.
31) What is network sniffing?
Network sniffing is a tool used for analyzing data packets sent over a network. This can be done by the specialized software program
or hardware equipment. Sniffing can be used to:
  Capture sensitive data such as password.
 Eavesdrop on chat messages
 Monitor data package over a network
32) What is the importance of DNS monitoring?
Yong domains are easily infected with malicious software. You need to use DNS monitoring tools to identify malware.
33) Define the process of salting. What is the use of salting?
Salting is that process to extend the length of passwords by using special characters. To use salting, it is very important to know the
entire mechanism of salting. The use of salting is to safeguard passwords. It also prevents attackers testing known words across the
system.
For example, Hash("QxLUF1bgIAdeQX") is added to each and every password to protect your password. It is called as salt.
34) What is SSH?
SSH stands for Secure Socket Shell or Secure Shell. It is a utility suite that provides system administrators secure way to access the
data on a network.
35) Is SSL protocol enough for network security?
SSL verifies the sender's identity, but it does not provide security once the data is transferred to the server. It is good to use server-side
encryption and hashing to protect the server against a data breach.
36) What is black box testing and white box testing?
 Black box testing: It is a software testing method in which the internal structure or program code is hidden.
 White box testing: A software testing method in which internal structure or program is known by tester.
37) Explain vulnerabilities in network security.
Vulnerabilities refer to the weak point in software code which can be exploited by a threat actor. They are most commonly found in an
application like SaaS (Software as a service) software.
38) Explain TCP Three-way handshake.
It is a process used in a network to make a connection between a local host and server. This method requires the client and server to
negotiate synchronization and acknowledgment packets before starting communication.
39) Define the term residual risk. What are three ways to deal with risk?
It is a threat that balances risk exposure after finding and eliminating threats.
Three ways to deal with risk are:
1. Reduce it
2. Avoid it
3. Accept it.
40) Define Exfiltration.
Data exfiltration refers to the unauthorized transfer of data from a computer system. This transmission may be manual and carried out
by anyone having physical access to a computer.
41) What is exploit in network security?
An exploit is a method utilized by hackers to access data in an unauthorized way. It is incorporated into malware.
42) What do you mean by penetration testing?
It is the process of checking exploitable vulnerabilities on the target. In web security, it is used to augment the web application
firewall.
43) List out some of the common cyber-attack.
Following are the common cyber-attacks which can be used by hackers to damage network:
 Malware
 Phishing
 Password attacks
 DDoS
 Man in the middle
 Drive-by downloads
 Malvertising
 Rogue software
44) How to make the user authentication process more secure?
In order to authenticate users, they have to provide their identity. The ID and Key can be used to confirm the user's identity. This is an
ideal way how the system should authorize the user.
45) Explain the concept of cross-site scripting.
Cross-site scripting refers to a network security vulnerability in which malicious scripts are injected into websites. This attack occurs
when attackers allow an untrusted source to inject code into a web application.
46) Name the protocol that broadcast the information across all the devices.
Internet Group Management Protocol or IGMP is a communication protocol that is used in game or video streaming. It facilitates
routers and other communication devices to send packets.
47) How to protect email messages?
Use cipher algorithm to protect email, credit card information, and corporate data.
48) What are the risks associated with public Wi-Fi?
Public Wi-Fi has many security issues. Wi-Fi attacks include karma attack, sniffing, war-driving, brute force attack, etc.
Public Wi-Fi may identify data that is passed through a network device like emails, browsing history, passwords, and credit card data.
49) What is Data Encryption? Why it is important in network security?
Data encryption is a technique in which the sender converts the message into a code. It allows only authorized user to gain access.
50) Explain the main difference between Diffie-Hellman and RSA.
Diffie-Hellman is a protocol used while exchanging key between two parties while RSA is an algorithm that works on the basis two
keys called private and public key.
51) What is a remote desktop protocol?
Remote Desktop Protocol (RDP) is developed by Microsoft, which provides GUI to connect two devices over a network.
The user uses RDP client software to serve this purpose while other device must run RDP server software. This protocol is specifically
designed for remote management and to access virtual PCs, applications, and terminal server.
52) Define Forward Secrecy.
Forward Secrecy is a security measure that ensures the integrity of unique session key in event that long term key is compromised.
53) Explain the concept of IV in encryption.
IV stands for the initial vector is an arbitrary number that is used to ensures that identical text encrypted to different ciphertexts.
Encryption program uses this number only once per session.
54) Explain the difference between stream cipher and block cipher.

Parameter Stream Cipher Block Cipher.

How does it work? Stream cipher operates on small plaintext units Block cipher works on large data blocks.

Code requirement It requires less code. It requires more code.

Usage of key Key is used only once. Reuse of key is possible.

Application Secure Socket layer. File encryption and database.

Usage Stream cipher is used to implement hardware. Block cipher is used to implement software.
55) Give some examples of a symmetric encryption algorithm.
Following are some examples of symmetric encryption algorithm.
 RCx
 Blowfish
 Rijndael (AES)
 DES
56) What is the abbreviation of ECB and CBC?
The full form of ECB is Electronic Codebook, and the full form of CBC is Cipher Block Chaining.
57) Explain a buffer overflow attack.
Buffer overflow attack is an attack that takes advantage of a process that attempts to write more data to a fixed-length memory block.
58) Define Spyware.
Spyware is a malware that aims to steal data about the organization or person. This malware can damage the organization's computer
system.
59) What is impersonation?
It is a mechanism of assigning the user account to an unknown user.
60) What do you mean by SRM?
SRM stands for Security Reference Monitor provides routines for computer drivers to grant access rights to object.
61) What is a computer virus?
A virus is a malicious software that is executed without the user's consent. Viruses can consume computer resources, such as CPU
time and memory. Sometimes, the virus makes changes in other computer programs and insert its own code to harm the computer
system.
A computer virus may be used to:
 Access private data like user id and passwords
 Display annoying messages to the user
 Corrupt data in your computer
 Log the user's keystrokes
62) What do you mean by Authenticode?
Authenticode is a technology that identifies the publisher of Authenticode sign software. It allows users to ensure that the software is
genuine and not contain any malicious program.
63) Define CryptoAPI
CryptoAPI is a collection of encryption APIs which allows developers to create a project on a secure network.
64) Explain steps to secure web server.
Follow the following steps to secure your web server:
 Update ownership of file.
 Keep your webserver updated.
 Disable extra modules in the webserver.
 Delete default scripts.
65) What is Microsoft Baseline Security Analyzer?
Microsoft Baseline Security Analyzer or MBSA is a graphical and command-line interface that provides a method to find missing
security updates and misconfigurations.
66) What is Ethical hacking?
Ethical hacking is a method to improve the security of a network. In this method, hackers fix vulnerabilities and weakness of computer
or network. Ethical hackers use software tools to secure the system.
67) Explain social engineering and its attacks.
Social engineering is the term used to convince people to reveal confidential information.
There are mainly three types of social engineering attacks: 1) Human-based, 2) Mobile-based, and 3) Computer-based.
 Human-based attack: They may pretend like a genuine user who requests higher authority to reveal private and confidential
information of the organization.
 Computer-based attack: In this attack, attackers send fake emails to harm the computer. They ask people to forward such
email.
 Mobile-based attack: Attacker may send SMS to others and collect important information. If any user downloads a malicious
app, then it can be misused to access authentication information.
68) What is IP and MAC Addresses?
IP Address is the acronym for Internet Protocol address. An internet protocol address is used to uniquely identify a computer or device
such as printers, storage disks on a computer network.
MAC Address is the acronym for Media Access Control address. MAC addresses are used to uniquely identify network interfaces for
communication at the physical layer of the network.

Parameter Virus Worm

How they infect a It inserts malicious code into a specific file or Generate it's copy and spread using email client.
computer? program.

Dependency Virus need a host program to work They do not require any host to function
correctly.
 Linked with files It is linked with .com, .xls, .exe, .doc, etc. It is linked with any file on a network.

Affecting speed It is slower than worm. It faster compared to a virus.

69) What do you mean by a worm?
A Worm is a type of malware which replicates from one computer to another.
70) State the difference between virus and worm
71) Name some tools used for packet sniffing.
Following are some tools used for packet sniffing.
 Tcpdump
 Kismet
 Wireshark
 NetworkMiner
 Dsniff
72) Explain anti-virus sensor systems
Antivirus is software tool that is used to identify, prevent, or remove the viruses present in the computer. They perform system checks
and increase the security of the computer regularly.
73) List out the types of sniffing attacks.
Various types of sniffing attacks are:
 Protocol Sniffing
 Web password sniffing
 Application-level sniffing
 TCP Session stealing
 LAN Sniffing
 ARP Sniffing
74) What is a distributed denial-of-service attack (DDoS)?
It is an attack in which multiple computers attack website, server, or any network resource.
75) Explain the concept of session hijacking.
TCP session hijacking is the misuse of a valid computer session. IP spoofing is the most common method of session hijacking. In this
method, attackers use IP packets to insert a command between two nodes of the network.
76) List out various methods of session hijacking.
Various methods of session hijacking are:
 Using packet Sniffers
 Cross-Site Scripting (XSS Attack)
 IP Spoofing
 Blind Attack
77) What are Hacking Tools?
Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in computer systems, web applications,
servers, and networks. There are varieties of such tools available on the market. Some of them are open source, while others are a
commercial solution.
78) Explain honeypot and its Types.
Honeypot is a decoy computer system which records all the transactions, interactions, and actions with users.
Honeypot is classified into two categories: 1) Production honeypot and 2) Research honeypot.
 Production honeypot: It is designed to capture real information for the administrator to access vulnerabilities. They are
generally placed inside production networks to increase their security.
 Research Honeypot: It is used by educational institutions and organizations for the sole purpose of researching the motives
and tactics of the back-hat community for targeting different networks.
79) Name common encryption tools.
Tools available for encryptions are as follows:
 RSA
 Twofish
  AES
 Triple DES
80) What is Backdoor?
It is a malware type in which security mechanism is bypassed to access a system.
81) Is it right to send login credentials through email?
It is not right to send login credentials through email because if you send someone userid and password in the mail, chances of email
attacks are high.
82) Explain the 80/20 rule of networking?
This rule is based on the percentage of network traffic, in which 80% of all network traffic should remain local while the rest of the
traffic should be routed towards a permanent VPN.
83) Define WEP cracking.
It is a method used for a security breach in wireless networks. There are two types of WEP cracking: 1) Active cracking and 2)
Passive cracking.
84) What are various WEP cracking tools?
Well known WEP cracking tools are:
 Aircrack
 WebDecrypt
 Kismet
 WEPCrack
85) What is a security auditing?
Security auditing is an internal inspection of applications and operating systems for security flaws. An audit can also be done via line
by line inspection of code.
86) Explain phishing.
It is a technique used to obtain a username, password, and credit card details from other users.
87) What is Nano-scale encryption?
Nano encryption is a research area which provides robust security to computers and prevents them from hacking.
88) Define Security Testing?
Security Testing is defined as a type of Software Testing that ensures software systems and applications are free from any
vulnerabilities, threats, risks that may cause a big loss.
89) Explain Security Scanning.
Security scanning involves identifying network and system weaknesses and later provides solutions for reducing these risks. This
scanning can be performed for both Manual as well as Automated scanning.
90) Name the available hacking tools.
Following is a list of useful hacking tools.
 Acunetix
 WebInspect
 Probably
 Netsparker
 Angry IP scanner:
 Burp Suite
 Savvius
91) What is the importance of penetration testing in an enterprise?
Here are two common application of Penetration testing.
 Financial sectors like stock trading exchanges, investment banking, want their data to be secured, and penetration testing is
essential to ensure security.
 In case if the software system is already hacked and the organization would like to determine whether any threats are still
present in the system to avoid future hacks.
92) What are the disadvantages of penetration testing?
Disadvantages of penetration testing are:
 Penetration testing cannot find all vulnerabilities in the system.
 There are limitations of time, budget, scope, skills of penetration testers.
  Data loss and corruption
 Down Time is high which increase costs
93) Explain security threat
Security threat is defined as a risk which can steal confidential data and harm computer systems as well as organization.
94) What are physical threats?
A physical threat is a potential cause of an incident that may result in loss or physical damage to the computer systems.
95) Give examples of non-physical threats
Following are some examples of non-physical threat:
 Loss of sensitive information
 Loss or corruption of system data
 Cyber security Breaches
 Disrupt business operations that rely on computer systems
 Illegal monitoring of activities on computer systems
96) What is Trojan virus?
Trojan is a malware employed by hackers and cyber-thieves to gain access to any computer. Here attackers use social engineering
techniques to execute the trojan on the system.
97) Define SQL Injection
It is an attack that poisons malicious SQL statements to database. It helps you to take benefit of the design flaws in poorly designed
web applications to exploit SQL statements to execute malicious SQL code. In many situations, an attacker can escalate SQL injection
attack in order to perform other attack, i.e. denial-of-service attack.
98) List security vulnerabilities as per Open Web Application Security Project (OWASP).
Security vulnerabilities as per open web application security project are as follows:
 SQL Injection
 Cross-site request forgery
 Insecure cryptographic storage
 Broken authentication and session management
 Insufficient transport layer protection
 Unvalidated redirects and forwards
 Failure to restrict URL access
99) Define an access token.
An access token is a credential which is used by the system to check whether the API should be granted to a particular object or not.
100) Explain ARP Poisoning
ARP (Address Resolution Protocol) Poisoning is a type of cyber-attack which is used to convert IP address to physical addresses on a
network device. The host sends an ARP broadcast on the network, and the recipient computer responds back with its physical address.
ARP poisoning is sending fake addresses to the switch so that it can associate the fake addresses with the IP address of a genuine
computer on a network and hijack the traffic.
101) Name common types of non-physical threats.
Following are various types of non-physical threats:
 Trojans
 Adware
 Worms
 Spyware
 Denial of Service Attacks
 Distributed Denial of Service Attacks
 Virus
 Key loggers
 Unauthorized access to computer systems resources
 Phishing
102) Explain the sequence of a TCP connection.
The sequence of a TCP connection is SYN-SYN ACK-ACK.
103) Define hybrid attacks.
Hybrid attack is a blend of dictionary method and brute force attack. This attack is used to crack passwords by making a change of a
dictionary word with symbols and numbers.
104) What is Nmap?
Nmap is a tool which is used for finding networks and in security auditing.
105) What is the use of EtterPeak tool?
EtterPeak is a network analysis tool that is used for sniffing packets of network traffic.
106) What are the types of cyber-attacks?
There are two types of cyberattacks: 1) Web-based attacks, 2) System based attacks.
107) List out web-based attacks
Some web-based attacks are: 1) SQL Injection attacks, 2) Phishing, 3) Brute Force, 4) DNS Spoofing, 4) Denial of Service, and 5)
Dictionary attacks.
108) Give examples of System-based attacks
Examples of system-based attacks are:
 Virus
 Backdoors
 Bots
 Worm
109) List out the types of cyber attackers
There are four types of cyber attackers. They are: 1) cybercriminals, 2) hacktivists, 3) insider threats, 4) state-sponsored attackers.
110) Define accidental threats
They are threats that are accidently done by organization employees. In these threats, an employee unintentionally deletes any file or
share confidential data with outsiders or a business partner going beyond the policy of the company.

CompTIA Certification Guide: Career Paths & Study Material

What is CompTIA Certification?
CompTIA certifications course are considered one of the most trusted credentials in the IT industry as it accurately reflects employee
success. CompTIA engages international focus groups and IT leaders from around the world that define various certification programs
and helps you to create CompTIA certification exams.
In this CompTIA Certification tutorial, you will learn:
 Core Certifications
 Cybersecurity Certifications
 Infrastructure
 Additional Certifications
 Benefits of CompaTIA Certificate
How to start a career with CompTIA certifications?
If you are looking to start an IT career with a renowned certification, which has global recognition and ready-for acceptance by the
employers, then CompTIA certification is the best way to start. This certification helps you to build critical thinking and problem-
solving abilities, which is imperative in the modern enterprise network.
The certification programs come in easy-to-learn ways to suit your time and convenience. You could take up a self-study or
instruction-based learning. It is also meant for students, educators, technocrats, entrepreneurs, and enterprises with a single motto of
advancing the information technology for a not-for-profit cause.
Core Certifications
The core skill certifications are classified as CompTIA F+, CompTIA A+, CompTIA Network+, CompTIA Security+.

The CompTIA F+ certification

This certification is for all those who are looking at a career switch to the IT sector. The certification imparts basic knowledge of IT
terminology and IT concepts, fundamentals of the database, understand the concepts of application software, and the objective of
application architecture. You will also know about the set of necessary infrastructures with a wireless network.
Link: https://www.comptia.org/certifications/it-fundamentals
The CompTIA A+ certification
In this certification, you will gain knowledge of hardware and its components, networking, and various networking protocols, learn to
configure and connect mobile devices like tablets, smartphones, and others. You also will learn to troubleshoot hardware and software
with decision making trees, learn to work on various operating systems like Linux, Windows, iOS, windows, and others.
Link: https://www.comptia.org/certifications/a
The CompTIA Network+ certification:
This certification helps you to gain expertise in information technology infrastructure and network protocols. With this certification,
you can design networks, configure, manage, and troubleshoot networks. You can identify the advantages and pitfalls of the current
network system.
Link: https://www.comptia.org/certifications/network
CompTIA Security + certification
The Security + certification concentrates on the state-of-the-art trends in security management, risk management and mitigation, threat
management, and intrusion. With this certification, as a cybersecurity professional, you can recognize and report security occurrences.
Link: https://www.comptia.org/certifications/security
Cybersecurity Certifications

CompTIA CySA+ Certification

This cybersecurity analyst certification will help you to combat cybersecurity with behavioral analytics, combat malware, and
advanced persistent threats. You can configure threat detection tools with the help of analytics. With this certification, you will learn,
threat and vulnerability management, and response to cyber threats.
Link: https://www.comptia.org/certifications/cybersecurity-analyst
CompTIA CASP certifications:
The advanced security practitioner certification will help professionals to implement the solutions to cybersecurity policies and
frameworks. This is an advanced certification for cybersecurity professionals who want to take a deep-dive into the technology and
not manage.
You will learn and work on advanced technologies like blockchain, cryptocurrency, conduct enterprise security operations. It helps
you to learn to integrate technology with enterprise security.
Link: https://www.comptia.org/certifications/comptia-advanced-security-practitioner
CompTIA PenTest + certifications
The penetration test certification is for cybersecurity professionals to conduct the testing, vulnerability assessment, and protect the
network against cyberattacks. You will learn to plan the compliance-based assessments. You will learn to perform penetration testing
on platforms like mobile, desktops, servers, and others.
Link: https://www.comptia.org/certifications/pentest

Infrastructure
Here, are important Cloud certification for CompTIA:
CompTIA Cloud + certification:
The cloud certification will help you to perform security or networking functions on cloud platforms. This is the only vendor-neutral
certification that will validate your skills to maintain and optimize your cloud infrastructure services.
Link: https://www.comptia.org/certifications/cloud
CompTIA Linux + certification
The CompTIA Linux certification is beneficial to all the IT professionals who work on Linux in their organizations. Many enterprises
are using Linux in the cloud platform, cybersecurity, mobile applications, web applications, and administration of mobile and web
apps.
Link: https://www.comptia.org/certifications/linux
CompTIA Server + certification
The server certification is the only industry certification that covers the latest server technologies like virtualization, storage, security,
and troubleshooting. This certification validates your skills as a server administrator. This certification will help you to understand the
server architecture, implement network data security to servers, and support storage devises.
Link: https://www.comptia.org/certifications/server

Additional Certifications
Here, are some other important CompTIA certification
CompTIA Project + certification:
The project certification is useful for all the managers or business professionals who manage small to mid-sized projects in their
organizations, which are not very complicated. Apart from managerial skills, you will learn a few project management techniques
required to handle small to mid-sized projects with this certification program.
Link: https://www.comptia.org/certifications/project
CompTIA CTT + Certification
The certified technical trainer certification imparts all the skills needed to train a group. The certification validates the knowledge of
the tools and techniques required to be a trainer. You will be an effective communicator and learn to manage classroom training,
conduct exams, with confidence before a large group of audience.
Link: https://www.comptia.org/certifications/ctt
CompTIA Cloud Essentials
The cloud essentials certification is for business professionals who are new to IT concepts and understand the essential cloud
principles. This course is useful to all the non-IT professionals whose enterprise is planning to adapt to the cloud platform and manage
vendor relationships.
Link: https://www.comptia.org/certifications/cloud-essentials

Benefits of CompTIA Certificate

 CompTIA certifications offer a reward for IT career opportunities.
 CompTIA certifications help you to increased job security in your current position.
 Helps professionals to gain respect and credibility in the IT workplace.
 CompTIA certifications can open the door to lucrative government and military technology positions.
 Having CompTIA certifications helps to hire managers that you want to advance your IT career.
 Hiring CompTIA certified can leads to higher customer satisfaction.
 Businesses can easily increase with CompTIA certified employees can increase productivity.
Summary:
 CompTIA certification is the best way to start your career in IT domain.
  If you are looking to start an IT career with a renowned certification, which has global recognition and ready-for acceptance
by the employers, then CompTIA certification
 The CompTIA F+ certification for all those who are looking at a career switch to the IT sector.
 The CompTIA Network+ certification helps you to gain expertise in information technology infrastructure and network
protocols
 CompTIA PenTest + certification test certification is for cybersecurity professionals to conduct the testing, vulnerability
assessment.
 The Security + certification concentrates on the state-of-the-art trends in security management, risk management and
mitigation, threat management, and intrusion.
 CompTIA CySA+ Certification helps you to combat cybersecurity with behavioral analytics, combat malware, and advanced
persistent threats.
 CompTIA CASP certifications help professionals to implement the solutions to cybersecurity policies and frameworks.
 PenTest + certifications is a penetration test certification is for cybersecurity professionals to conduct the testing,
vulnerability assessment, etc.
 Cloud + certification helps you to perform security or networking functions on cloud platforms
 Linux certification is beneficial to all the IT professionals who work on Linux in their organizations
 Server + certification validates your skills as a server administrator.

16 BEST Ethical Hacking Books (2021 Update)

Ethical Hacking is identifying weaknesses in computer systems/networks and coming with countermeasures that protect the
weaknesses. Ethical hackers must get written permission from the computer owner before investigating and transparently report the
findings.
Here is a curated list of Top 16 Ethical Hacking Books that should be part of any beginner to advance Ethical hacker's library.
1) Hacking: The Art of Exploitation

Hacking: The Art of Exploitation is a book written by Jon Erickson. In this book, you will learn the fundamentals of C programming
from a hacker's perspective.
You will also know hacking techniques like overflowing buffers, hijacking network communications. You will also learn about
bypassing protections, exploiting, etc. The book will give a complete picture of programming, network communications, etc.
 Check Latest Price and User Reviews on Amazon
2) The Hacker Playbook 2: Practical Guide to Penetration Testing

The Hacker Playbook provides them their game plans. Written by Peter Kim. This ethical hacking book is a step-by-step guide that
teaches you plenty of hacking features. It also offers hands-on examples and helpful advice from the top of the field.
This book includes the latest attacks, tools, and lessons learned. This certified ethical hacking guide further outlines building a lab.
The book walks through test cases for attacks and provides more customized code.
 Check Latest Price and User Reviews on Amazon

3) The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

The Web Application Hacker's Handbook is a book written by Dafydd Stuttard. The book explores the various new technologies
employed in web applications. The book teaches you advanced hacking attack techniques that have been developed, particularly to the
client-side.
The book also covers new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, frame busting, hybrid file
attacks, and more. This book is the most current resource. On the critical topic about discovering, exploiting, and it also preventing
web apps and security flaws.
 Check Latest Price and User Reviews on Amazon
4) Penetration Testing – A Hands-On Introduction to Hacking

In Penetration Testing, a security expert, researcher, and trainer is written by Georgia Weidman. The book introduces you to the
necessary skills and techniques that every pentester needs.
You will also learn about forcing and wordlists, test web applications for vulnerabilities, Automate social-engineering attacks, bypass
antivirus software. You will gather advanced information like how you can turn access to one machine into total control of the
enterprise.
 Check Latest Price and User Reviews on Amazon

5) The Basics of Hacking and Penetration Testing

The Basics of Hacking and Penetration Testing is written by Patrick Engebretson. It serves as an introduction to the steps needed to
complete a penetration test to perform an ethical hack from start to end.
The book teaches students how they can utilize and interpret the hacking tools required to complete a penetration test. Every chapter in
this book contains examples and exercises that are designed to teach learners how to interpret results and utilize those results.
 Check Latest Price and User Reviews on Amazon
6) Computer Hacking Beginners Guide

Computer Hacking Beginners Guide teaches you how to protect yourself from the most common hacking attacks by knowing how
hacking works! You should stay ahead of any criminal hacker to learn these techniques you can read this book.
This book covers methods and tools that are used by both criminal and ethical hackers. All the topics you will find here will show you
how information security can be compromised and how you can find cyber attacks in a system. Which you are trying to protect.
 Check Latest Price and User Reviews on Amazon

7) Hackers & Painters: Big Ideas From The Computer Age

Hackers & Painters: Big Ideas is a book written by Paul Graham. This hacking book will have a powerful impact on how we think,
how we work, how we develop technology, and how we live.
The book includes topics like the importance of software design, how to make wealth, programming language renaissance, digital
design, internet startups, etc.
This book includes the importance of beauty in software design, how to make wealth, the programming language renaissance, the
open-source movement, digital design, etc.
 Check Latest Price and User Reviews on Amazon

8) Advanced Penetration Testing: Hacking the World′s Most Secure Networks

Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali Linux and Metasploit.
The book allows you to integrate social engineering, programming, and vulnerability exploits. The book offers a multidisciplinary
approach for targeting and compromising high-security environments.
It also contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples using
VBA, C, Java, JavaScript, etc.
 Check Latest Price and User Reviews on Amazon

9) Hacking: Computer Hacking, Security Testing, Penetration Testing, and Basic Security

Hacking: Computer Hacking, Security Testing is a book written by Gary Hall. This book goes all the way from the basic concept
principles to the intricate techniques methods. It is written, which suits both beginners and advanced learning.
This ethical hacking book uses a language that beginners can understand, without leaving out the intricate details required for
computer hacking. This book is an ideal reference book to know how to hack and how to protect your devices.
 Check Latest Price and User Reviews on Amazon
10) The Hardware Hacker: Adventures in Making and Breaking Hardware

The Hardware Hacker is a book written by Andre Huang. The author shares his experiences in manufacturing and open hardware. It
allows you were creating an illuminating and compelling career retrospective.
This collection of personal essays and interviews covers topics related to reverse engineering to a comparison of intellectual property.
It includes practices between, and society into the tapestry of open hardware.
This book is highly detailed passages on manufacturing and comprehensive. You can take on the issues related to open-source
hardware.
 Check Latest Price and User Reviews on Amazon

11) BackTrack 5 Wireless Penetration Testing Beginner's Guide

BackTrack 5 Wireless Penetration Testing Beginner's Guide is a book by Packt's publishers. With the help book, you will grasp the
concepts and understand the techniques to perform wireless attacks in your lab.
In this ethical, every new attack is described. The book gives this information in the form of a lab exercise with rich illustrations of all
the steps associated. You will practically implement various attacks in your organization.
 Check Latest Price and User Reviews on Amazon
12) Hacking: The Underground Guide to Computer Hacking

Hacking: The Underground Guide to Computer Hacking is a book written by Abraham K White. This book offers the best tools for
Hacking and points out ways to protect your systems. The book provides instructions with command prompts.
The book covers topics like Hacking into Wireless Networks, Ethical Hacking, Cracking Encryption. You will also learn about other
Wireless Hacking Resources and various other subjects related to Hacking.
 Check Latest Price and User Reviews on Amazon

13) Hacking the Hacker: Learn From the Experts Who Take Down Hackers

Hacking the Hacker book is written by Roger A. Grimes. It takes you inside the world of cybersecurity. It shows you what goes on
behind the scenes and introduces you to the men and women on the front lines.
The book contains information form the world's top white hat hackers, security researchers, writers, and leaders. This book
introducing the people and practices that help keep our world secure.
 Check Latest Price and User Reviews on Amazon
14) Gray Hat Hacking: The Ethical Hacker's Handbook

Gray Hat hacking the book featuring 13 new chapters. This book helps you to fortify your network and avert digital and catastrophe
with proven methods from a team of security experts.
You will also learn the latest ethical hacking skills and tactics. It also offers field-tested remedies, case studies, etc. This book helps
explains how hackers gain access and overtake different network devices.
 Check Latest Price and User Reviews on Amazon

15) Hash Crack: Password Cracking Manual

The Hash Crack: Password Cracking Manual is written by Joshua Picolet. It is an expanded reference book for password recovery
(cracking) methods, tools, and analysis techniques.
A compilation of basic and advanced methods to penetration testers and network security professionals. It helps you to evaluate the
network security of their organization. The Hash Crack manual book contains syntax and examples.
 Check Latest Price and User Reviews on Amazon
16) Mastering Hacking (The Art of Information Gathering & Scanning)

Mastering hacking is a book written by Harsh Bothra. By using this book, you would be able to learn about the modern Penetration
Testing Framework.
It also teaches techniques, discovering all types of vulnerabilities, patching, and more. This book aims to provide the best practices
and methodology in the simplified approach. It would help both the technical and non-technical readers.
 Check Latest Price and User Reviews on Amazon
MUST KNOW HACKING!
10 Most Common Web Security Vulnerabilities.........................................................................................................................................1
Top 30 Bug Bounty Programs in 2021........................................................................................................................................................6
Kali Linux Tutorial: What is, Install, Utilize Metasploit and Nmap.........................................................................................................10
13 BEST Operating System for Hacking in 2021.....................................................................................................................................30
Top 25 Ethical Hacking Interview Questions and Answers......................................................................................................................34
Top 110 Cyber Security Interview Questions & Answers........................................................................................................................38
CompTIA Certification Guide: Career Paths & Study Material...............................................................................................................47
16 BEST Ethical Hacking Books (2021 Update)......................................................................................................................................51