Basic Security Questions to Ask in Any Security Interview


1) How does security work between two users communicating remotely?

Securing communication between two remote parties usually starts with public-key (asymmetric) cryptography.

If you encrypt a message with a person's public key, only the matching private key can decrypt it. This is asymmetric cryptography: encryption and decryption use two different, mathematically related keys.

A simple example: John wants to send Smith an encrypted message. John takes Smith's public key and encrypts the message with it. When Smith receives the message, he decrypts it with the private key that only he holds. An attacker who intercepts the message as sent by John, but does not have Smith's private key, cannot read it. The private key is unique and paired with the public key; the public key can be published openly, and anyone can use it to encrypt messages for its owner. Note what this does and does not give you: encrypting with Smith's public key keeps the message confidential, but it does not prove the message came from John, because anyone can use Smith's public key. For that, John signs the message with his own private key and Smith verifies the signature with John's public key.

Examples of asymmetric algorithms: RSA and ElGamal (encryption; RSA also signs), Diffie-Hellman and its elliptic-curve form ECDH (key agreement, not encryption), DSA and ECDSA (signatures only). ECC is the family of elliptic-curve variants rather than a single algorithm.
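The exchange described above, as an added worked example that is not part of the original post: John encrypts for Smith with Smith's public key and signs with his own private key; Smith decrypts and verifies; Eve, an eavesdropper who captured the ciphertext but holds only her own key pair, fails to decrypt. It uses Go's standard library only. The names, the message text and the 2048-bit key size are illustrative choices, and the final check shows why RSA by itself is not used for bulk data.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party is one participant. The public half of the key may go to anyone;
// the private half never leaves its owner.
type Party struct{ priv *rsa.PrivateKey }

// NewParty generates a 2048-bit RSA key pair (panics only if the CSPRNG fails).
func NewParty() *Party {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Party{priv: priv}
}

// Public returns the key that may be published.
func (p *Party) Public() *rsa.PublicKey { return &p.priv.PublicKey }

// EncryptTo encrypts msg so only the holder of the private key matching
// recipientPub can read it. OAEP adds randomized padding; raw "textbook" RSA
// without padding is not safe to use.
func EncryptTo(recipientPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
}

// Decrypt opens ct with the party's own private key; it returns an error,
// not garbage, when ct was made for a different key.
func (p *Party) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, p.priv, ct, nil)
}

// Sign signs msg with the party's private key. Anyone holding the matching
// public key can verify it, which gives authenticity and non-repudiation.
func (p *Party) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, p.priv, crypto.SHA256, digest[:], nil)
}

// Verify checks sig over msg against the claimed signer's public key.
func Verify(signerPub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(signerPub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Result records what each party ended up with.
type Result struct {
	Recovered   string // what Smith decrypted
	SigValid    bool   // Smith verified John's signature
	EveFailed   bool   // Eve, holding only her own key pair, could not decrypt
	TooLargeErr bool   // OAEP refused a message over its size limit
}

// Scenario runs the John -> Smith exchange end to end while Eve captures the
// ciphertext in transit. All three key pairs are generated fresh.
func Scenario(message string) (Result, error) {
	var r Result
	john, smith, eve := NewParty(), NewParty(), NewParty()

	msg := []byte(message)
	ct, err := EncryptTo(smith.Public(), msg) // John uses Smith's PUBLIC key
	if err != nil {
		return r, err
	}
	sig, err := john.Sign(msg) // John signs with his own PRIVATE key
	if err != nil {
		return r, err
	}

	pt, err := smith.Decrypt(ct) // Smith uses his PRIVATE key
	if err != nil {
		return r, err
	}
	r.Recovered = string(pt)
	r.SigValid = Verify(john.Public(), pt, sig)

	_, err = eve.Decrypt(ct)
	r.EveFailed = err != nil

	// A 2048-bit key with SHA-256 OAEP carries at most 256-2*32-2 = 190 bytes.
	// Bulk data is encrypted with a symmetric key and RSA protects only that
	// key (hybrid encryption).
	_, err = EncryptTo(smith.Public(), make([]byte, 191))
	r.TooLargeErr = err != nil
	return r, nil
}

func main() {
	r, err := Scenario("Meet at 10, bring the report")
	fmt.Printf("%+v err=%v\n", r, err)
}
```

Run it with `go run .`; the Result it prints shows the recovered text, a valid signature, Eve's failed decryption and the rejected oversized message.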

2) Difference between symmetric and asymmetric encryption.

Symmetric encryption uses the same key for encryption and decryption. It is fast and is what protects bulk data. On its own it provides only confidentiality; combined with a MAC, or used as an AEAD mode such as AES-GCM, it also gives integrity and authenticity between the two key holders, but never non-repudiation, because either holder could have produced the message. Its inherent problem is key distribution: both sides must already share the secret key. Asymmetric encryption was introduced to solve this with a public-private key pair, so the encryption key can be shared openly. In practice the two are combined: an asymmetric exchange establishes a symmetric key, and the symmetric cipher protects the data.

Examples: AES, and the older RC4, DES and 3DES. RC4 and DES are broken and 3DES is deprecated, so new systems use AES (or ChaCha20).

3) Encryption vs hashing

Encryption converts readable plaintext into unreadable ciphertext using a key, and the ciphertext can be turned back into plaintext with the right key. The ciphertext grows with the data: it is roughly the size of the plaintext plus a small fixed overhead (IV or nonce, authentication tag). Hashing, by contrast, runs the input through a hash function to produce a fixed-length digest, whatever the input size. There is no key and no inverse: the digest cannot be turned back into the input. The only route is to guess candidate inputs and compare digests, which is why low-entropy inputs such as passwords are hashed with a salt and a deliberately slow function (bcrypt, scrypt, Argon2) rather than a plain SHA-256.
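An added example, not from the original post, in Go showing the three properties the paragraph relies on: a digest has the same length whatever the input size, a one-bit change in the input scrambles about half of the digest bits (so digests reveal nothing about how similar two inputs are), and a digest should be checked with a constant-time comparison. The inputs are constructed for the demonstration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strings"
)

// Digest returns the hex SHA-256 of data: always 32 bytes (64 hex chars),
// whether data is empty or a gigabyte. There is no key and no inverse.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// DifferingBits counts the bit positions where two equal-length hex digests
// differ. For a sound hash a one-bit input change flips about half of the
// 256 output bits (avalanche), so the digest leaks nothing about input similarity.
func DifferingBits(aHex, bHex string) (int, error) {
	a, err := hex.DecodeString(aHex)
	if err != nil {
		return 0, err
	}
	b, err := hex.DecodeString(bHex)
	if err != nil {
		return 0, err
	}
	if len(a) != len(b) {
		return 0, fmt.Errorf("length mismatch: %d vs %d", len(a), len(b))
	}
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n, nil
}

// VerifyDigest checks data against an expected digest in constant time.
// A plain string compare returns at the first differing byte, which leaks
// timing information when the expected value is secret (e.g. a MAC).
func VerifyDigest(data []byte, expectedHex string) bool {
	expected, err := hex.DecodeString(strings.ToLower(expectedHex))
	if err != nil {
		return false
	}
	sum := sha256.Sum256(data)
	return subtle.ConstantTimeCompare(sum[:], expected) == 1
}

func main() {
	small := []byte("abc")
	large := []byte(strings.Repeat("x", 1<<20)) // 1 MiB constructed input
	fmt.Println(len(Digest(nil)), len(Digest(small)), len(Digest(large)))
	// "message" and "messagd" differ in exactly one bit of the last byte.
	d, _ := DifferingBits(Digest([]byte("message")), Digest([]byte("messagd")))
	fmt.Println("digest bits changed by a one-bit edit:", d)
}
```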

4) SSL vs TLS

Both SSL and TLS are cryptographic protocols that give a client and a server (typically a browser and a web server) an encrypted and authenticated channel. TLS is the successor of SSL. All SSL versions and TLS 1.0/1.1 are deprecated (RFC 6176, RFC 7568, RFC 8996); the current version is TLS 1.3 (RFC 8446). In everyday speech "SSL certificate" still means the X.509 certificate a TLS server presents.

5) How does TLS communication happen?

Diagram of the entire handshake flow (source: https://cheapsslsecurity.com/).

In TLS 1.3 the flow is: the client sends a ClientHello listing its supported cipher suites together with an ephemeral key share; the server replies with a ServerHello carrying its own key share, and from that point on everything is encrypted under keys derived from the shared secret; the server then sends its certificate and a CertificateVerify signature proving it holds the matching private key, followed by a Finished message; the client validates the certificate chain and the signature, sends its own Finished, and both sides exchange application data under symmetric keys (for example AES-GCM or ChaCha20-Poly1305).

6) How do you secure data at rest (stored data)?

Encryption at rest protects the confidentiality of stored data. The design uses symmetric encryption (typically AES) because it encrypts and decrypts large volumes quickly, normally in an authenticated mode such as AES-GCM for records and objects or XTS for whole disks. The attacks it addresses are those where someone obtains the storage itself: a stolen laptop or drive, a copied backup or cloud snapshot, a decommissioned disk. The caveat a practitioner checks is key management: the key must not sit next to the data. It lives in a KMS or HSM, and often a per-object data key is itself encrypted ("wrapped") by a master key so keys can be rotated without re-encrypting everything. Encryption at rest does nothing against an attacker who compromises the running application, which decrypts data as part of normal operation; access control and in-transit protection cover that case.
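An added example, not part of the original post, serving both the symmetric-vs-asymmetric answer above and this one: AES-256-GCM in Go seals a constructed 1 MiB record with one key and opens it with the same key, then shows what happens under the at-rest threat model when an attacker has a different key or modifies the stored blob. The table name in the additional authenticated data and the record contents are illustrative.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey returns a random 256-bit AES key. In an at-rest design this is the
// data encryption key and must live apart from the data (KMS/HSM).
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// Seal encrypts plaintext under key with AES-256-GCM and returns
// nonce || ciphertext || tag. GCM is an AEAD mode: a modified blob is rejected
// on decryption instead of decrypting to garbage. aad is context (e.g. a
// record id) that is authenticated but not encrypted.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 12 bytes; must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal with the same key, which is what makes the scheme symmetric.
func Open(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// Demo reports the outcome of the at-rest simulation in RunDemo.
type Demo struct {
	RoundTrip   bool // the correct key recovers the data
	WrongKeyErr bool // another key is rejected
	TamperErr   bool // a blob with one flipped byte is rejected
	Growth      int  // len(blob) - len(plaintext): 12-byte nonce + 16-byte tag
}

// RunDemo seals a constructed 1 MiB "file", reads it back with the right key,
// then plays two attackers: one with a different key, one who edits the blob.
func RunDemo() (Demo, error) {
	var d Demo
	key, err := NewKey()
	if err != nil {
		return d, err
	}
	data := bytes.Repeat([]byte("customer-record;"), 65536) // 16 B x 65536 = 1 MiB
	aad := []byte("table=customers;version=1")

	blob, err := Seal(key, data, aad)
	if err != nil {
		return d, err
	}
	d.Growth = len(blob) - len(data)

	pt, err := Open(key, blob, aad)
	d.RoundTrip = err == nil && bytes.Equal(pt, data)

	other, err := NewKey()
	if err != nil {
		return d, err
	}
	_, err = Open(other, blob, aad)
	d.WrongKeyErr = err != nil

	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)/2] ^= 0x01
	_, err = Open(key, tampered, aad)
	d.TamperErr = err != nil
	return d, nil
}

func main() {
	d, err := RunDemo()
	fmt.Printf("%+v err=%v\n", d, err)
}
```

The 28-byte growth (nonce plus tag) is independent of the record size; this is the "ciphertext grows with the data" behaviour from the hashing comparison, as opposed to a fixed-length digest. In a real at-rest design `key` would be a per-object data key fetched from, or unwrapped by, a KMS rather than generated in the process.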

7) How do you secure data in transit?

Encryption in transit, in practice TLS, uses an asymmetric key exchange such as ephemeral elliptic-curve Diffie-Hellman (ECDHE) to establish a shared symmetric key, which then encrypts the traffic with a fast cipher such as AES-GCM. The key exchange alone does not tell you who is on the other end; the server's identity is authenticated separately by its certificate and a signature in the handshake. Using fresh (ephemeral) exchange keys per session gives forward secrecy: a later compromise of the server's long-term key does not expose recorded sessions.

8) What are the OWASP Top 10 vulnerabilities?

The list below is the 2017 edition (OWASP revised the list in 2021):

  • Injection.
  • Broken Authentication.
  • Sensitive Data Exposure.
  • XML External Entities (XXE).
  • Broken Access Control.
  • Security Misconfiguration.
  • Cross-Site Scripting (XSS).
  • Insecure Deserialization.
  • Using Components with Known Vulnerabilities.
  • Insufficient Logging and Monitoring.
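An added example, not from the original post, for one entry in the list: reflected cross-site scripting. The same Go template is rendered twice, once with text/template, which reflects a constructed attacker payload verbatim, and once with html/template, which escapes the markup and neutralises the javascript: URL. The template text and payload are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltpl "html/template"
	texttpl "text/template"
)

// page is one template used by both renderers: it reflects a user-supplied
// display name into the body and a user-supplied link into an href.
const page = `<p>Hello, {{.Name}}!</p><a href="{{.Link}}">profile</a>`

// Profile is the user-controlled data reaching the template.
type Profile struct {
	Name string
	Link string
}

// RenderUnsafe uses text/template, which has no notion that the output is
// HTML and pastes the fields in verbatim: markup in Name runs as script and a
// javascript: URL in Link becomes a clickable payload. That is reflected XSS.
func RenderUnsafe(p Profile) (string, error) {
	t, err := texttpl.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, p)
	return buf.String(), err
}

// RenderSafe uses html/template with the identical template text. It parses
// the template as HTML, so Name is escaped for text context and Link is
// checked as a URL: unsafe schemes are replaced by the inert "#ZgotmplZ".
func RenderSafe(p Profile) (string, error) {
	t, err := htmltpl.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, p)
	return buf.String(), err
}

// Attacker is a constructed payload of the kind seen in the wild.
var Attacker = Profile{
	Name: `<script>alert(document.cookie)</script>`,
	Link: `javascript:alert(1)`,
}

func main() {
	u, _ := RenderUnsafe(Attacker)
	s, _ := RenderSafe(Attacker)
	fmt.Println("text/template:", u)
	fmt.Println("html/template:", s)
}
```

The fix is a one-import change, which is the point: output encoding has to be contextual (text, attribute, URL, script) and is best left to a library that tracks the context, rather than hand-rolled replacements.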

9) Where do you store data within the browser?

Browsers offer cookies, sessionStorage, localStorage and IndexedDB. All of it is readable by the user with developer tools, so nothing stored client-side is secret from the user. The security differences are about who else can reach it: cookies are sent automatically to the server on every request (which is why they are the CSRF vector) and, when flagged HttpOnly, cannot be read by page scripts; localStorage and sessionStorage are never sent automatically but are readable by any JavaScript running on the origin, so an XSS bug can exfiltrate them. Session tokens therefore usually go in HttpOnly, Secure, SameSite cookies rather than in localStorage.
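An added example, not from the original post, in Go showing the cookie attributes that decide who can read a session cookie: one handler sets a hardened cookie, the other the flag-less default, and a response recorder shows what the browser receives in Set-Cookie. The cookie name and the session id are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// SetSessionCookie issues a session cookie with the attributes that matter:
//   HttpOnly - invisible to document.cookie, so an XSS payload cannot read it
//              (unlike anything kept in localStorage);
//   Secure   - only sent over HTTPS;
//   SameSite - not attached to cross-site requests, which blunts CSRF.
// The value is an opaque random id resolved server-side; no user data lives in
// the cookie. The __Host- prefix makes browsers enforce Secure, Path=/ and the
// absence of a Domain attribute.
func SetSessionCookie(w http.ResponseWriter, sessionID string) {
	http.SetCookie(w, &http.Cookie{
		Name:     "__Host-session",
		Value:    sessionID,
		Path:     "/",
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
		MaxAge:   int((8 * time.Hour).Seconds()),
	})
}

// SetWeakCookie is the common default: no flags, so the cookie is readable by
// any script on the page, sent over plain HTTP, and attached to cross-site
// requests.
func SetWeakCookie(w http.ResponseWriter, sessionID string) {
	http.SetCookie(w, &http.Cookie{Name: "session", Value: sessionID, Path: "/"})
}

// Issued runs a cookie setter against a recorded response and returns the
// cookie as a browser would parse it from the Set-Cookie header.
func Issued(set func(http.ResponseWriter, string)) *http.Cookie {
	rec := httptest.NewRecorder()
	set(rec, "b1b0c2d8e6f4a5c7d9e1f3a2b4c6d8e0") // constructed opaque session id
	cookies := rec.Result().Cookies()
	if len(cookies) == 0 {
		return nil
	}
	return cookies[0]
}

func main() {
	for _, c := range []*http.Cookie{Issued(SetSessionCookie), Issued(SetWeakCookie)} {
		fmt.Println(c.String())
	}
}
```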

10) How does the browser work?

https://www.html5rocks.com/en/tutorials/internals/howbrowserswork/

11) What is SSO?

Single sign-on (SSO) is an authentication method that lets a user authenticate once, with a single set of credentials at an identity provider, and then access multiple applications and websites without signing in to each one. The applications trust assertions or tokens issued by the identity provider (SAML or OpenID Connect) instead of holding the user's password themselves.

InfoOnSecurity

Security Researcher, Productivity and Self-Improvement enthusiast — my writing is oriented towards making this world a better place to live.