Book-Notes Section 6

Question 1

what’s unit testing that happens at the Coding phase of the SDLC?

Answer 1

🔹 Unit testing is a type of software testing where individual parts (units) of the code are tested separately to make sure they work correctly.
🔹 It happens during the Coding phase of the Software Development Life Cycle (SDLC) and is usually done by developers.

🔹 Why is Unit Testing Important?
✔ Finds bugs early – Helps detect small errors before they affect the entire system.
✔ Ensures each function works correctly – Each method, function, or class is tested separately.
✔ Makes debugging easier – If something breaks, you know exactly which part of the code is causing the problem.

Question 2

What is User Acceptance Testing (UAT) in Simple Terms?

Answer 2

🔹 User Acceptance Testing (UAT) is the final phase of software testing where real users test the system to make sure it works as expected before it goes live.
🔹 It ensures that the software meets business requirements and is ready for use by actual users.

🔹 Why is UAT Important?
✔ Confirms the software meets business needs – Does it solve the real problem?
✔ Finds usability issues – Is it easy to use for the end users?
✔ Prevents costly errors after release – Identifies any missing features or bugs before the software is launched.

🔹 Example of UAT in Action:
👩‍💼 Scenario: A company is developing a new employee payroll system.

1️⃣ The developers finish coding and the system passes all technical tests (unit testing, integration testing).
2️⃣ Before launching, the HR team (real users) tests it to ensure:
✅ Salaries are calculated correctly.
✅ Payslips generate without errors.
✅ Employees get paid on time.
3️⃣ If everything works as expected, the system is approved for release.
4️⃣ If issues are found, they are reported and fixed before going live.

Question 3

What is QA (Quality Assurance) in Simple Terms?

Answer 3

🔹 Quality Assurance (QA) is the process of making sure that software works correctly, meets requirements, and is free of bugs before it is released.
🔹 QA happens throughout the Software Development Life Cycle (SDLC) to prevent defects rather than just fixing them.

Question 4

What is DevOps and DevSecOps in Simple Terms?

Answer 4

🔹 What is DevOps? (Development + Operations)
🔹 DevOps is a collaboration between developers (Dev) and IT operations (Ops) to speed up software development, testing, and deployment.
🔹 It aims to automate and streamline the software delivery process so updates and new features can be released faster and more reliably.

✅ Key Features of DevOps:
✔ Faster software releases 🚀
✔ Automated testing and deployment 🔄
✔ Continuous Integration & Continuous Deployment (CI/CD) ⚙
✔ Better collaboration between developers and IT teams 👨‍💻👩‍💻

📌 Example:

A company uses DevOps to release updates to its mobile app every week instead of every few months.
🔹 What is DevSecOps? (Development + Security + Operations)
🔹 DevSecOps is DevOps with Security built-in. It ensures that security is a priority throughout the entire software development process, not just at the end.
🔹 Instead of testing for security after the software is built, DevSecOps integrates security from the start.

✅ Key Features of DevSecOps:
✔ Security is included in every stage of development 🔒
✔ Automated security testing in CI/CD pipelines 🛠
✔ Developers are trained to write secure code 📝
✔ Faster response to security vulnerabilities 🚧

📌 Example:

A bank uses DevSecOps to ensure its online banking app is secure by automating security scans in its software release process.

Question 5

Difference Between Blind Content-Based and Blind Timing-Based SQL Injection

Answer 5

Both Blind Content-Based and Blind Timing-Based SQL Injection occur when the attacker doesn’t directly see error messages or database output but still tries to extract information from a database.

🔹 1. Blind Content-Based SQL Injection (Boolean-Based)
🔹 The attacker injects SQL queries and observes changes in the web page content to determine if the query was successful or not.
🔹 It is called Boolean-Based SQL Injection because it relies on True/False responses from the server.

✅ Example Scenario:
🔹 A website login form takes a username and password from users and checks if they exist in the database:

SELECT * FROM users WHERE username = ‘admin’ AND password = ‘12345’;
🔹 An attacker enters this SQL payload in the password field:

OR 1=1 –
🔹 The query becomes:

SELECT * FROM users WHERE username = ‘admin’ AND password = ‘’ OR 1=1 – ‘;
🔹 If the page loads normally, the attacker knows the injection worked!
🔹 If the page says “Invalid Login”, the attacker tries a different input.

📌 How the Attacker Knows?

If the web page content changes (e.g., redirects to a new page or displays “Welcome Admin”), the attacker confirms the query is successful.
If the response is unchanged, the query failed.
🔹 2. Blind Timing-Based SQL Injection (Time Delay Exploitation)
🔹 The attacker can’t see any content changes, so they use SQL commands that delay responses to determine if the query was executed.
🔹 This is useful when error messages and responses are completely hidden.

✅ Example Scenario:
🔹 An attacker injects this SQL query:

SELECT * FROM users WHERE username = ‘admin’ AND IF(1=1, SLEEP(5), 0);
🔹 The query tells the database:

If 1=1 is TRUE, wait 5 seconds before responding.
Otherwise, respond immediately.
🔹 If the webpage takes 5 seconds to load, the attacker knows the injection worked!
📌 How the Attacker Knows?

Normal response time = Query failed.
5-second delay = Query worked (database executed the attacker’s command).

Question 6

What is a DLL (Dynamic-Link Library)?

Answer 6

🔹 A DLL (Dynamic-Link Library) is a shared file that contains code and functions that multiple programs can use at the same time.
🔹 It helps programs run efficiently, reducing redundancy and saving memory.

✅ Example of a DLL:

User32.dll – Handles user interface functions (e.g., buttons, windows).
Kernel32.dll – Provides access to system functions like file handling.
📌 Think of a DLL like a toolbox 🧰: Instead of every program having its own tools, they all share a common toolbox to avoid wasting resources.

Question 7

What is a False Authentication Mechanism in Social Engineering? (Simple Explanation)

Answer 7

🔹 False Authentication Mechanism is a social engineering trick where an attacker creates a fake authentication process to trick victims into entering their login credentials or performing an action that gives the attacker access.

🔹 It exploits human trust by making the victim believe they are logging into a legitimate system when, in reality, they are handing over their credentials to the attacker.

Question 8

What is NTLM in Simple Terms?

Answer 8

🔹 NTLM (NT LAN Manager) is an old authentication protocol developed by Microsoft to allow Windows computers to verify user identities when logging into a system or network.
🔹 It is used for Windows authentication, especially in environments where Active Directory (AD) is not available.

📌 Think of NTLM like an ID badge for logging into Windows networks. It helps a computer confirm, “Is this user really who they say they are?”

🔹 How NTLM Works (Simple Explanation)
NTLM uses a challenge-response mechanism instead of directly sending passwords over the network.

✅ Example Scenario: Logging Into a Windows Network
1️⃣ You enter your username and password on your Windows login screen.
2️⃣ NTLM doesn’t send your password directly—instead, it:

Takes your password, encrypts it (hashes it), and stores it securely.
When you log in, the system checks the stored hash to see if it matches the one generated from your login attempt.
3️⃣ If the hashes match, you’re authenticated and allowed to access the network.
📌 Key Point: NTLM avoids sending plain-text passwords but is still outdated and vulnerable to attacks.

Question 9

What is a Pass-the-Hash (PtH) Attack? (Simple Explanation)

Answer 9

🔹 How NTLM Pass-the-Hash Works (Step-by-Step)
1️⃣ User Authentication:

When a user logs into a Windows machine, the password is hashed (converted into an encrypted form) using NTLM.
The hash is stored locally and can be used for authentication without sending the actual password over the network.
2️⃣ Attacker Gets the Hash:

The attacker may steal the hash from the computer’s memory, from a dumped file, or through tools like Mimikatz (which can extract NTLM hashes).
Example: If the attacker compromises a user’s machine, they can extract the NTLM hash from the machine’s memory or from network traffic.
3️⃣ Attacker Uses the Hash:

The attacker then uses this hash to authenticate as the victim on another machine or network service, without needing the actual password.
The attacker passes the hash to a new system, tricking it into thinking it’s the real user.
4️⃣ Gaining Access:

The system accepts the hash as a valid login credential and grants access to the attacker.
This attack can spread across the network, especially if the same credentials are used on multiple systems.

NOTE:

In an NTLM authentication environment, the authentication happens at the network level, not just the local device, and the network only accepts the password hash for authentication, not the plain-text password.

Question 10

What is an Unvalidated Redirection URL Vulnerability?

Answer 10

🔹 Unvalidated redirection URL vulnerability happens when a website allows users to be redirected to another site without properly checking the URL.
🔹 Attackers exploit this flaw to send victims to malicious websites disguised as legitimate ones, leading to phishing attacks, session hijacking, or credential theft.

🔹 How Does an Unvalidated Redirect Work? (Example)
✅ Scenario: A banking website has a redirect feature after login:

https://bank.com/login?redirect=success.html

This URL ensures that after logging in, users are sent to success.html on the bank’s website.
The problem? The website does not validate where the redirect is pointing.
💥 Attacker’s Trick (Modifying the URL):
An attacker modifies the redirect parameter to a phishing site:

https://bank.com/login?redirect=http://hacker.com/fake-login

The victim clicks this fake link, thinking it’s a real bank login page.
They enter their username & password, unknowingly sending them to the attacker.

Question 11

1️⃣ Indirect Reflected XSS via Form Submission & Link Sharing

Answer 11

🔹 Even though the attacker types the malicious script, the victim will see the reflected response when they visit the manipulated page.

✅ Scenario: A Fake Error Message on a Login Page

A banking website has a login form.
If users enter incorrect credentials, the site reflects the username in an error message:

<p>Sorry, the username "<b>admin</b>" does not exist.</p>

The attacker submits the login form with a malicious input:

<script>
alert('Hacked!')
</script>

The website doesn’t sanitize the input and reflects it in the error message, so the victim sees:

<p>Sorry, the username "

<script>
alert('Hacked!')
</script>

" does not exist.</p>

Now, the attacker copies the URL with the injected input and sends it to a victim:

https://bank.com/login?username=

alert('Hacked!')

If the victim clicks the link, the script executes in their browser, not the attacker’s.
📌 Key Point:

The attacker injects the script using form input but tricks victims into visiting the URL with the malicious payload.
This works the same way as URL-based Reflected XSS, except the payload originates from a form field.

The most effective way to launch a Reflected XSS attack is to:

1️⃣ Inject a malicious script into a vulnerable form input (e.g., search bar, login field, or feedback form).
2️⃣ Make sure the input is reflected in the page’s response (without being sanitized or encoded).
3️⃣ URL-encode the payload so it remains valid inside a link.
4️⃣ Attach the encoded payload to a link and send it to the victim (via email, social media, or messages).
5️⃣ When the victim clicks the link, the website processes the malicious script and executes it in their browser.
6️⃣ The attack takes effect, which could lead to:

Stealing session cookies (to hijack the victim’s account).
Stealing login credentials (redirecting users to a fake login page).
Executing malware downloads (forcing malicious actions on the victim’s device).
Defacing the webpage (modifying content visible to the user).

Question 12

What is Server-Side Request Forgery (SSRF)

Answer 12

🔹 Server-Side Request Forgery (SSRF) is a cyberattack where an attacker tricks a server into making requests to internal or external resources on its behalf.
🔹 The attacker exploits a vulnerable web application to send unauthorized requests from the server, often targeting internal networks or cloud services.

📌 Think of it like tricking a receptionist into calling secret phone numbers for you, giving you access to information you shouldn’t have.

🔹 How Does SSRF Work? (Step-by-Step)
✅ Step 1: Attacker Finds a Vulnerable Web Application

A website allows users to fetch remote content by providing a URL (e.g., a file downloader, profile picture fetcher, or metadata checker).
✅ Step 2: Attacker Manipulates the URL Input

Instead of a normal request like:

https://example.com/fetch?url=https://trusted-website.com/image.jpg

The attacker modifies the URL to access internal services:

https://example.com/fetch?url=http://localhost/admin

Since the request is made by the server, the firewall assumes it’s legitimate and allows it.
✅ Step 3: The Server Fetches Restricted Data

The server unknowingly sends back sensitive internal data to the attacker.
If the attacker targets cloud services, they might retrieve credentials or sensitive API keys.

Question 13

What is SOAR?

Answer 13

🔹 SOAR (Security Orchestration, Automation, and Response) is a cybersecurity system that helps security teams detect, respond to, and manage threats automatically.
🔹 It reduces manual work by automating tasks like investigating alerts, blocking threats, and responding to incidents.

🔹 SOAR (Security Orchestration, Automation, and Response) is a cybersecurity system that helps security teams detect, respond to, and manage threats automatically.
🔹 It reduces manual work by automating tasks like investigating alerts, blocking threats, and responding to incidents.

✅ SOAR does not replace existing security tools—it integrates with them.
✅ Security tools like firewalls, SIEM, EDR (Endpoint Detection & Response) install SOAR agents to connect and automate responses.
✅ Example: A SOAR agent installed on a SIEM system can automate threat analysis.

📌 Best for: Organizations that already have SIEM, firewalls, and security tools and want to automate responses.

🔹 How SOAR Works (Step-by-Step Example)
✅ Scenario: A Phishing Email Attack
1️⃣ A phishing email is sent to employees.
2️⃣ SOAR detects it using email security tools and threat intelligence.
3️⃣ It automatically analyzes the email, checking links and attachments for malware.
4️⃣ If the email is malicious, SOAR blocks the sender, deletes the email, and alerts the security team.
5️⃣ If needed, SOAR quarantines any infected devices to prevent further damage.

📌 Result: The threat is neutralized without requiring human effort for every step.

Question 14

What is a Parameterized Query?

Answer 14

🔹 A parameterized query is a way to safely handle user input in SQL queries by separating the data (input) from the SQL commands.
🔹 It prevents SQL injection attacks by ensuring that user input is treated as data, not executable code.

example:

cursor.execute(“SELECT * FROM users WHERE username = ? AND password = ?”, (userInput, passwordInput))

Question 15

breakdown of the different environments and their roles, along with examples:

Answer 15

1. Development Environment (Dev)
   Purpose: This is where developers write and modify code. It is used for active development, debugging, and implementing new features or bug fixes.
   Example:
   Tim is fixing a known bug in the web application. He writes the updated code in his development environment and tests it locally on his machine.
   Developers may use local databases, fake data, or mock services while coding.
2. Test Environment
   Purpose: This environment is used for quality assurance (QA) and testing the functionality of the code. Testers verify whether the bug fix or new feature works as expected.
   Example:
   Once Tim finishes his fix in Dev, he commits the code and moves it to the Test environment, where testers check if the bug is really resolved.
   Automated and manual tests are run to catch new bugs before progressing further.
3. Staging Environment
   Purpose: This is a near-production environment where final testing happens before deployment to the live system. It mimics Production as closely as possible.
   Example:
   Tim’s fix has passed Test, so the code is now pushed to Staging.
   The company runs real-world scenarios to ensure the fix works under conditions similar to Production.
   Performance testing, security testing, and integration testing with external services happen here.
4. Production Environment (Prod)
   Purpose: This is the live environment where real users interact with the application.
   Example:
   Once the fix is confirmed to work in Staging, the code is deployed to Production.
   Now, users accessing the web application will benefit from the bug fix.
   Any new issues found in Prod require another cycle through Dev, Test, and Staging before they can be fixed.
   Analogy to a Restaurant Kitchen
   Development (Dev) → The chef experiments with new recipes in their personal kitchen.
   Test → The chef prepares a test meal for the kitchen staff to try and review.
   Staging → The meal is presented as a “soft launch” for a small group of customers.
   Production (Prod) → The dish is added to the restaurant menu and served to all customers.