Top 29 Application Security Interview Questions

Application security covers a wide range of questions that can be asked in an interview. Here are some of the questions that are frequently asked in application security interviews.

Application Security Interview Questions

Q1. What is Application Security?
Answer :
Application security is the area of security that covers all the tasks involved in bringing a secure software development life cycle to development teams.

Its main goal is to improve security practices so that security issues within applications can be found and fixed and, in some cases, prevented altogether.

In other words, application security is the process of developing, adding, and testing security features within applications.

Q2. What are the three phases of application security?
Answer : The three phases of application security are:

  • Development
  • Quality assurance
  • Production

Development : The development stage is the first stage of application security. In this stage the focus is on writing secure code. Three types of testing are used to ensure that the defences are operating properly: static testing, dynamic testing, and penetration testing.

Quality assurance : The second stage of application security is quality assurance. In this stage the application is tested by various methods. If any security weakness is found during testing, it must be rectified. Once the application is free from security vulnerabilities, it is deployed into production.

Production : This is the last stage of application security. In this stage the application must be scanned automatically at scheduled intervals, and work continues to protect it against new threats.

Q3. What is the goal of application security?
Answer : There are three goals of application security –

  • Protect the Confidentiality of data within the application.
  • Availability of the application.
  • Integrity of data within the application.

Q4. What measures should one take to secure an application?
Answer : The following are some of the measures one should take to secure an application –

  • Carry out a security audit of the application.
  • Follow and get involved with OWASP (Open Web Application Security Project).
  • Further, monitor the security of the application in real time and protect it against new threats.
  • Moreover, the next step is to encrypt all private data.
  • Last but not least, keep all servers and applications up to date.

Q5. What do you mean by Web Application Security?
Answer : Web application security is the process of protecting websites and online applications or services from different security threats. Some common applications that are vulnerable to attack are WordPress, phpMyAdmin and SaaS applications.

Q6. What is SAST?
Answer : SAST stands for Static Application Security Testing. It is a type of testing that scans the application's source files and identifies the root cause of a security breach in the code. It then helps remediate the underlying security flaws.

Q7. What are security tools?
Answer : Network security tools are generally of two types: hardware security tools and software security tools. These consist of tools such as firewalls, antivirus software, etc.

Q8. What is security testing?
Answer : Security testing is a process in which the various flaws in the security mechanisms of the code and the application are identified and reported. It reveals the presence of security issues in the application, and it helps protect the data and the proper functioning of the application.

Q9. What is the difference between HTTP and HTML?
Answer : HTTP is a networking / application protocol, while HTML is a markup language.

Q10. What is the difference between stored and reflected XSS?
Answer : In stored XSS the payload is on a static page or is pulled from a database and displayed to the user directly.
In reflected XSS the payload comes from the user in the form of a request, and then runs in the user's browser when the results are returned from the site.
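The defence is the same for both variants: every untrusted value is encoded for its HTML context at the point where it is written into the page, no matter whether it arrived in the current request or came back from the database. The code below is an added example (not from the page) that shows a vulnerable reflected search handler next to its hardened form, and a stored-comment renderer that pushes database content through the same encoder. The sample comments and the handler names are constructed for the example.

```python
import html
from urllib.parse import parse_qs

# Constructed sample data (not from the page): comments as they would come
# back from a database, one of them carrying a script tag.
STORED_COMMENTS = ["Nice article", "<script>alert('stored')</script>"]


def encode(value):
    """Encode untrusted text for an HTML text or quoted-attribute context."""
    return html.escape(value, quote=True)


def render_search_unsafe(query_string):
    """Vulnerable reflected path: the request's 'q' value is echoed verbatim."""
    term = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for: {term}</p>"


def render_search(query_string):
    """Hardened reflected path: the same value is encoded before it reaches the page."""
    term = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for: {encode(term)}</p>"


def render_comments(comments):
    """Stored path: data loaded from storage is untrusted too and goes through
    the same encoder; where the data came from does not change the rule."""
    return "<ul>" + "".join(f"<li>{encode(c)}</li>" for c in comments) + "</ul>"


def render_page(query_string, comments=STORED_COMMENTS):
    """Full page: stored comments plus the reflected search term, all encoded."""
    return render_comments(comments) + render_search(query_string)


if __name__ == "__main__":
    print(render_page("q=%3Cscript%3Ealert('reflected')%3C/script%3E"))
```

Note that `html.escape` is only correct for text and quoted-attribute contexts; a value placed inside a `<script>` block, a URL or a CSS rule needs the encoder for that context, and a templating engine with auto-escaping enabled is the usual way to make the safe path the default.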

Q11. Out of symmetric and asymmetric encryption, which performs faster?
Answer : Symmetric encryption performs faster than asymmetric encryption.

Q12. What is the OSI Model?
Answer : OSI stands for Open Systems Interconnection. The OSI model is a reference model that describes how applications interact with each other over a computer network. The OSI model has 7 layers.

Q13. What are the seven layers of the OSI Model?
Answer : The seven layers of the OSI model are:

  • Layer 7 : Application Layer
  • Layer 6 : Presentation Layer
  • Layer 5 : Session Layer
  • Layer 4 : Transport Layer
  • Layer 3 : Network Layer
  • Layer 2 : Data Link Layer
  • Layer 1 : Physical Layer

Q14. Compare Stream Cipher and Block Cipher.
Answer : Comparison of block cipher and stream cipher:

  Purpose             Block Cipher                        Stream Cipher
  How does it work?   It works on large data blocks.      It operates on small plaintext units.
  Code requirement    It requires more code.              It requires less code.
  Usage of key        Key reuse is possible.              The key is used only once.
  Application         File encryption and databases.      Secure Sockets Layer.
  Usage               It is used to implement software.   It is used to implement hardware.

Q15. What does TCP/IP stand for?
Answer : TCP stands for Transmission Control Protocol and IP stands for Internet Protocol.

Q16. What protocols are used in the transport layer?
Answer : TCP, UDP, ICMP and SNMP.

Q17. What do you mean by Unicast?
Answer : In the unicast transmission method, information is sent from a single sender to a single receiver. It is used for point-to-point communication.

Q18. What is DNS?
Answer : DNS stands for Domain Name System. It is like the internet's phone book: it is responsible for mapping a domain name to its corresponding IP address.

Q19. What is the CIA triad?
Answer : The CIA triad (Confidentiality, Integrity, Availability) for information security provides a baseline standard for evaluating and implementing information security, irrespective of the system and/or organisation in question.

Q20. What is CSRF?
Answer : Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
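The standard mitigation is the synchronizer token pattern: the server issues a secret, per-session token, embeds it in every state-changing form, and refuses any request that does not carry it back, because a cross-site page can make the browser send the session cookie but cannot read the token. The code below is an added example (not from the page) of that pattern; the HMAC derivation, the per-process secret and the `handle_transfer` handler are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Per-process secret used to derive tokens (constructed for the example;
# a real deployment would load this from its configuration or key store).
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id):
    """Derive the token for a session; the page embeds it in each POST form."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id, submitted):
    """Constant-time check that the submitted token matches the session's token."""
    if not isinstance(submitted, str) or not submitted:
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_transfer(session_id, form):
    """State-changing handler: reject the request unless the token checks out.

    Returns (status_code, message) like a minimal web handler would.
    """
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "CSRF check failed"
    return 200, f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    session = "session-abc123"                      # constructed session id
    token = issue_csrf_token(session)
    print(handle_transfer(session, {"amount": "10", "to": "bob"}))
    print(handle_transfer(session, {"amount": "10", "to": "bob", "csrf_token": token}))
```

Because the token is derived from the session id with a server-side secret, it does not need to be stored; it is automatically invalid for any other session. In practice this is combined with `SameSite` cookies and with only accepting state changes over POST, so that a cross-site GET cannot trigger them at all.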

Q21. What do you mean by SQL Injection?
Answer : SQL injection is also known as SQLi. It is a common attack vector that uses malicious SQL code to manipulate the backend database and access information that was not intended to be displayed.
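To make the definition concrete, here is an added example (not from the page) with a vulnerable lookup beside its fixed form, using Python's built-in `sqlite3` against a constructed in-memory table. The unsafe version splices the caller's value into the SQL text, so the value can change the query's meaning; the safe version passes it as a bound parameter, so the database only ever treats it as data. The table contents and function names are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def find_user_unsafe(conn, name):
    """Vulnerable: the caller's value becomes part of the SQL statement itself."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user(conn, name):
    """Fixed: the value is bound as a parameter and can never alter the query."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    tautology = "x' OR '1'='1"          # constructed test input, not a real user name
    print(find_user(conn, "alice"))
    print(find_user_unsafe(conn, tautology))   # returns every row: the WHERE clause was rewritten
    print(find_user(conn, tautology))          # returns nothing: no user has that literal name
```

The parameterized form is the fix; input filtering or escaping on top of it is defence in depth, not a substitute. The same principle applies to ORMs and query builders: anything that turns raw strings into SQL (`raw()`, `text()`, format strings around `execute()`) reopens the hole.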

Q22. Why should HTTPS be used instead of HTTP?
Answer : HTTP sends data in clear text, whereas HTTPS sends data in encrypted form.

Q23. What is a Management Information Base?
Answer : A Management Information Base (MIB) is part of every SNMP-managed device. Each SNMP agent has a MIB database that contains information about the device's status, performance, connections, and configuration. The MIB is queried through SNMP.

Q24. What are the major elements of Cyber Security?
Answer : The major elements of cyber security are –

  • Information Security
  • Network Security
  • Operational Security
  • Application Security
  • End-User Education
  • Business Continuity Planning

Q25. What do you mean by a Firewall?
Answer : A firewall is a cyber security system designed to protect a network.

A firewall acts as the boundary of a network or system and controls and monitors network traffic. Firewalls are used mostly as protection against unauthorised access and against cyber threats such as viruses, malware and computer worms.

Q26. What is the difference between a Domain and a Workgroup?
Answer : The differences between a domain and a workgroup are –

  Domain                                                    Workgroup
  It is a centralised network model.                        It is a decentralised network model.
  One administrator manages the domain and its resources.   Every user manages the resources individually on their own PC.
  Good for large networks.                                  Good for small networks.
  The computer can be connected to any network.             All the computers must be connected to the same LAN.

Q27. What is Weak Information Security?
Answer : An information security policy is considered weak if it does not meet the criteria of an effective one. The criteria include: distribution, review, comprehension, compliance and uniformity.

Information security is weak if –

  • The policy has not been made readily available for review by every employee within the organisation.
  • The organisation is unable to demonstrate that employees have reviewed the policy documents.
  • The organisation is unable to demonstrate that employees understand the content of the policy document.

Q28. Which protocol is used by DNS name servers?
Answer : DNS uses UDP for communication between servers. It is a better choice than TCP because of the improved speed that a connectionless protocol offers.

Q29. What are the elements of Network Security?
Answer : The elements of network security are – network access control, firewall security, intrusion prevention systems, and security information and event management.