Question Topics
- 1. What is VAPT and why is it important?
- 2. What's the difference between Vulnerability Assessment and Penetration Testing?
- 3. What are the main phases of a penetration test?
- 4. What are common tools used in VAPT?
- 5. What is OWASP Top 10?
- 6. What is the difference between authenticated and unauthenticated scans?
- 7. What is CVSS?
- 8. What is SQL Injection?
- 9. What is XSS (Cross-Site Scripting)?
- 10. What is CSRF (Cross-Site Request Forgery)?
- 11. What are false positives in VAPT?
- 12. What is privilege escalation?
- 13. What are the deliverables of a VAPT report?
- 14. What is a Zero-Day vulnerability?
- 15. What is reconnaissance in penetration testing?
- 16. What is the difference between black box, white box, and gray box testing?
- 17. What is the difference between active and passive reconnaissance?
- 18. What are common web vulnerabilities you test for?
- 19. What is patch management and why is it important?
- 20. What is Metasploit used for?
- 21. What is Nmap and how is it used?
- 22. What is social engineering in penetration testing?
- 23. How do you prioritize vulnerabilities?
- 24. How do you perform web application penetration testing?
- 25. How do you stay updated on new vulnerabilities?
Cyber Security (VAPT) Interview Questions
Preparing for a Cyber Security or VAPT interview? Explore the top 25 most frequently asked Cyber Security VAPT interview questions and answers to help you demonstrate your technical expertise in vulnerability assessment, penetration testing, and secure coding.
Top 25 Cyber Security VAPT Interview Questions & Answers
1. What is VAPT and why is it important?
- VAPT stands for Vulnerability Assessment and Penetration Testing.
- It combines automated scanning and manual exploitation to identify and verify security flaws before attackers can exploit them.
2. What's the difference between Vulnerability Assessment and Penetration Testing?
- Vulnerability Assessment identifies flaws in systems or applications.
- Penetration Testing exploits those flaws to determine real-world impact.
- VA is automated and non-intrusive, while PT is manual and intrusive.
3. What are the main phases of a penetration test?
1. Planning & Scoping
2. Reconnaissance
3. Vulnerability Analysis
4. Exploitation
5. Post-Exploitation
6. Reporting
4. What are common tools used in VAPT?
Nessus, OpenVAS, Qualys, Nmap, Burp Suite, OWASP ZAP, Metasploit, Nikto, Hydra, Hashcat, Dradis.
5. What is OWASP Top 10?
The OWASP Top 10 is a regularly updated list, published by the Open Web Application Security Project, of the 10 most critical web application security risks, such as Injection, Broken Authentication, XSS, and Security Misconfiguration.
6. What is the difference between authenticated and unauthenticated scans?
- Authenticated scans log in to the target with valid credentials, so they can see missing patches, local misconfigurations, and installed software that are invisible from outside.
- Unauthenticated scans probe the externally exposed surface without credentials, showing what an outside attacker would see.
7. What is CVSS?
- CVSS (Common Vulnerability Scoring System) assigns a severity score from 0 to 10 to a vulnerability so that remediation efforts can be prioritized.
- Scores are categorized into qualitative ratings: Low, Medium, High, and Critical.
8. What is SQL Injection?
- SQL Injection is a vulnerability that lets an attacker alter the structure of a SQL query by supplying unsanitized input that is concatenated into the query text.
- Prevent it with parameterized (prepared) queries and input validation.
9. What is XSS (Cross-Site Scripting)?
- XSS allows attackers to inject malicious scripts into webpages viewed by other users.
- Types include Stored, Reflected, and DOM-based XSS.
- Prevention: input validation and output encoding.
10. What is CSRF (Cross-Site Request Forgery)?
- CSRF tricks an authenticated user's browser into sending requests the user did not intend, so that state-changing actions are performed with the victim's session.
- Prevent it with anti-CSRF tokens, SameSite cookies, and validation of the request's origin.
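An added example (not from the original page) of the three defences the answer lists: a synchronizer token bound to the session with an HMAC, an Origin check, and a note on the SameSite cookie attribute. The session ids, origins and the generated server key are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Server-side key, generated here for the demo; a deployment would load it from config.
SERVER_KEY = secrets.token_bytes(32)

def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    # Synchronizer token: random nonce plus an HMAC over (session id, nonce).
    # Binding the MAC to the session means a token minted for one session
    # is useless when replayed against another.
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"

def verify_csrf_token(session_id: str, token, key: bytes = SERVER_KEY) -> bool:
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    expected = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so timing does not leak how much of the MAC matched.
    return hmac.compare_digest(mac, expected)

def is_request_allowed(method: str, session_id: str, form_token, origin, site_origin: str) -> bool:
    # Safe methods must not change state, so they need no token. For state-changing
    # methods, reject a foreign Origin header outright, then require a valid token.
    # (The session cookie itself should also be set with SameSite=Lax or Strict.)
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True
    if origin is not None and origin != site_origin:
        return False
    return verify_csrf_token(session_id, form_token)

if __name__ == "__main__":
    token = issue_csrf_token("session-A")
    print(is_request_allowed("POST", "session-A", token, "https://app.example", "https://app.example"))   # True
    print(is_request_allowed("POST", "session-A", token, "https://evil.example", "https://app.example"))  # False
```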
11. What are false positives in VAPT?
- A false positive occurs when a scanner flags a vulnerability that doesn't actually exist.
- Manually verify findings or cross-check with multiple tools to avoid this.
12. What is privilege escalation?
- Privilege escalation exploits flaws to gain unauthorized access to higher-level permissions.
- Types: Vertical (gaining admin/root rights) and Horizontal (taking over another user's privileges at the same level).
13. What are the deliverables of a VAPT report?
- Executive Summary
- Vulnerability List
- CVSS Scores
- Proof of Concept (PoC)
- Impact Analysis
- Remediation Recommendations
14. What is a Zero-Day vulnerability?
- A Zero-Day vulnerability is a flaw unknown to the vendor for which no patch is available.
- It is often exploited before the vendor discovers it or releases a fix.
15. What is reconnaissance in penetration testing?
- Reconnaissance is the information-gathering phase where testers collect data about targets.
- Active: Scanning with Nmap or similar tools.
- Passive: Using public data sources (WHOIS, Shodan, Google Dorking).
16. What is the difference between black box, white box, and gray box testing?
- Black Box: No prior system knowledge (external perspective).
- White Box: Full knowledge of the system (internal perspective).
- Gray Box: Partial knowledge, simulating an insider threat.
17. What is the difference between active and passive reconnaissance?
- Active reconnaissance involves direct interaction with the target (e.g., port scanning).
- Passive reconnaissance gathers information indirectly without alerting the target (e.g., OSINT).
18. What are common web vulnerabilities you test for?
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- File Upload Vulnerabilities
- Directory Traversal
- Command Injection
- Insecure Deserialization
- Broken Access Control
19. What is patch management and why is it important?
- Patch management ensures timely application of software updates and fixes.
- It reduces the attack surface and maintains compliance with security standards.
20. What is Metasploit used for?
Metasploit is a framework for developing, testing, and executing exploits during penetration testing.
21. What is Nmap and how is it used?
- Nmap (Network Mapper) is a tool used for port scanning, service detection, and network discovery.
- It helps identify open ports and running services on a target system.
23. How do you prioritize vulnerabilities?
- Prioritize based on CVSS score, exploit availability, business impact, and data sensitivity.
- Critical vulnerabilities should be remediated first.
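An added example (not from the original page) serving both the CVSS answer (question 7) and the prioritization answer above: it maps a CVSS v3.x base score to its qualitative rating band and then orders findings by a priority that combines the four factors listed. The weighting and the sample findings are constructed for illustration, not a standard.

```python
from dataclasses import dataclass

def cvss_severity(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative severity rating band."""
    if not 0.0 <= score <= 10.0:
        raise ValueError("CVSS base score must lie between 0.0 and 10.0")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"       # 0.1 - 3.9
    if score < 7.0:
        return "Medium"    # 4.0 - 6.9
    if score < 9.0:
        return "High"      # 7.0 - 8.9
    return "Critical"      # 9.0 - 10.0

@dataclass
class Finding:
    name: str
    cvss: float
    exploit_public: bool    # is a working public exploit available?
    asset_criticality: int  # 1 (lab box) .. 5 (revenue-critical), set by the business
    data_sensitivity: int   # 1 (public data) .. 5 (regulated or personal data)

def priority(f: Finding) -> float:
    # Weighting constructed for this example: CVSS is the base, business context
    # scales it between 60% and 100%, and a public exploit adds a fixed bump.
    context = (f.asset_criticality + f.data_sensitivity) / 10.0   # 0.2 .. 1.0
    return round(f.cvss * (0.5 + 0.5 * context) + (2.0 if f.exploit_public else 0.0), 2)

def remediation_order(findings: list) -> list:
    """Highest priority first; ties broken by raw CVSS, then name for stable output."""
    return sorted(findings, key=lambda f: (-priority(f), -f.cvss, f.name))

# Constructed sample findings, not from any real assessment.
SAMPLE = [
    Finding("Weak TLS configuration on marketing site", 5.3, False, 2, 2),
    Finding("SQL injection in checkout API", 8.8, True, 5, 5),
    Finding("Kernel privilege escalation on lab VM", 9.8, False, 1, 1),
    Finding("Stored XSS in admin panel", 6.1, False, 4, 4),
]

if __name__ == "__main__":
    for f in remediation_order(SAMPLE):
        print(f"{priority(f):5.2f}  {cvss_severity(f.cvss):8s}  {f.name}")
```

The sample output puts the High-rated injection on the payment system ahead of the Critical-rated flaw on an isolated lab machine, which is the effect of weighing business impact and data sensitivity alongside the raw score.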
24. How do you perform web application penetration testing?
Follow the OWASP Testing Guide methodology:
1. Reconnaissance
2. Authentication testing
3. Input validation testing
4. Business logic testing
5. Reporting and remediation verification
25. How do you stay updated on new vulnerabilities?
- Monitor CVE databases (NVD, MITRE).
- Follow security news sites and exploit databases such as KrebsOnSecurity and Exploit-DB.
- Subscribe to CERT advisories.
- Participate in bug bounty and security research communities.