App Sec / Pentest Experienced Interview Questions (2–6 yrs)
I have given a lot of interviews, almost 50 more or less, and before every interview I used to study and refresh all the concepts, but I never found a resource that collected all the questions for experienced candidates.
That forced me to collect and create my own list of app sec / pentest interview questions that I encountered across all of my interviews, and I would like to share it with you, so that just by going through all the questions/topics mentioned in this post you can prepare better for your upcoming interview.
I am deliberately not writing the answers, as it would make the whole blog post very dense, but for some questions I will add a link to the resource that I found the most useful and clear to grasp.
Just an FYI: if you are new to Infosec it might take you weeks to learn all the answers, but for someone already in the field it should not take more than 1–2 days to brush up on these questions and be ready for the interview.
Let’s start with some light WARM-UP questions:
1. OWASP Top 10 (mandatory)
2. SQLi/XSS/Password Spraying/Clickjacking etc.: a basic understanding of these classes of vulnerabilities would be enough.
3. OSI Model and its layers (an extra layer of prep is to remember the protocols used in each layer). A trick question here could be asking for the port number of the ICMP protocol (the ping protocol): https://networkengineering.stackexchange.com/questions/37896/ping-port-number
After you have answered with the simple definition or explanation of the above comes the fun and interesting part, where the interviewer would like to deep dive into any of the following topics:
1. XXE Injection (XML External Entity Injection)
Types of XXE — In-Band XXE / Error-based XXE / Out-of-Band XXE (Blind XXE)
How to detect XXE? How to avoid XXE vulns? How dangerous is XXE?
XXE to RCE
2. CSRF (Cross-site request forgery)
Resource: What is CSRF (Cross-site request forgery)? Tutorial & Examples | Web Security Academy
3. XSS
What is XSS? Types of XSS? Difference between DOM-based XSS and Reflected XSS? What is the DOM in DOM-based XSS? Recommendations for XSS?
Within XSS, DOM-based XSS was the most frequently asked question in interviews; interviewers just love this question, so here you go, the best explanation.
4. Session Fixation
What is a session fixation attack? Recommendations?
5. Insecure Deserialization
What is insecure deserialization? How to detect it in black-box and white-box testing, and recommendations? What can be the result of insecure deserialization? How to avoid insecure deserialization?
Insecure Deserialization to RCE
Resource: Hacking Java Deserialization (how attackers exploit Java deserialization to achieve remote code execution)
6. IDOR
What is IDOR? Difference between IDOR and Missing Function Level Access Control? Recommendations?
Resource: Testing for Insecure Direct Object References (OTG-AUTHZ-004), OWASP Testing Guide v4
7. Anti-CSRF Token
What is an anti-CSRF token?
Resource: How to protect your website using anti-CSRF tokens
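The usual follow-up to "what is an anti-CSRF token?" is "how would you implement one?". The block below is an added example written for this post, not code from the linked resource: a synchronizer-style token that is bound to the session id with an HMAC, expires, and is checked in constant time before a state-changing action runs. The `SERVER_SECRET`, the session ids and the `handle_transfer` endpoint are all hypothetical, constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Hypothetical server-side secret: in a real deployment it is loaded from
# configuration and rotated, never generated per process like this.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_MAX_AGE = 3600  # seconds a token stays valid


def _mac(session_id: str, ts: str, nonce: str) -> str:
    msg = f"{session_id}|{ts}|{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, now: Optional[float] = None) -> str:
    """Mint a synchronizer-style token bound to one session.

    Layout: "<issued-at>.<nonce>.<hmac>".  Binding the HMAC to the session id
    means a token minted for (or stolen from) another session is useless.
    """
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{ts}.{nonce}.{_mac(session_id, ts, nonce)}"


def verify_csrf_token(token: str, session_id: str,
                      now: Optional[float] = None) -> bool:
    """Reject malformed, expired, tampered or wrong-session tokens."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[0].isdigit():
        return False
    ts, nonce, mac = parts
    current = time.time() if now is None else now
    if current - int(ts) > TOKEN_MAX_AGE:
        return False
    # Constant-time comparison so response timing does not leak the expected MAC.
    return hmac.compare_digest(mac, _mac(session_id, ts, nonce))


def handle_transfer(form: Dict[str, str], session_id: str,
                    now: Optional[float] = None) -> Tuple[int, str]:
    """A state-changing endpoint: the session cookie alone must not be enough."""
    if not verify_csrf_token(form.get("csrf_token", ""), session_id, now):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form.get('amount')} to {form.get('to')}"


if __name__ == "__main__":
    sid = "session-of-alice"  # constructed session id
    token = issue_csrf_token(sid)
    print(handle_transfer({"amount": "10", "to": "bob", "csrf_token": token}, sid))
    # A forged cross-site request carries the cookie but not the token:
    print(handle_transfer({"amount": "10", "to": "bob"}, sid))
```

Because the token is derived from the session id, the server does not need to store it; pair it with `SameSite=Lax` or `Strict` on the session cookie for defence in depth.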
8. Common Flags in a Cookie
Common flags on a cookie? What is the HttpOnly flag? What is the difference between the HttpOnly flag and the Secure flag?
Common attributes in a Set-Cookie header: Expires, Max-Age, Domain, Path, SameSite
Resource: Securing cookies with httponly and secure flags [updated 2020] - Infosec Resources
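A practical way to show you understand the cookie flags is to audit a `Set-Cookie` header for the ones that are missing and explain what each omission costs. The block below is an added example written for this post, not code from the linked article; the header strings are constructed, and the finding codes and their explanations are my own labels.

```python
from typing import Dict, List, Union

Attrs = Dict[str, Union[str, bool]]


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie header value into name, value and attributes.

    Attribute names are case-insensitive; bare flags (Secure, HttpOnly) are
    stored as True, valued attributes (Path, Domain, SameSite, ...) as str.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


# What each finding means, in the terms an interviewer expects to hear.
REASONS = {
    "no-secure": "Secure missing: the browser also sends the cookie over plaintext HTTP",
    "no-httponly": "HttpOnly missing: readable via document.cookie, so XSS can exfiltrate it",
    "no-samesite": "SameSite missing: modern browsers default to Lax, but be explicit",
    "samesite-none": "SameSite=None: attached to every cross-site request, so CSRF defences must hold elsewhere",
    "none-without-secure": "SameSite=None without Secure: browsers reject the cookie",
    "domain-set": "Domain attribute present: the cookie is sent to every subdomain, not just the issuing host",
}


def audit_set_cookie(header: str) -> List[str]:
    """Return finding codes for one Set-Cookie header (empty list = hardened)."""
    attrs = parse_set_cookie(header)["attrs"]
    findings: List[str] = []
    if "secure" not in attrs:
        findings.append("no-secure")
    if "httponly" not in attrs:
        findings.append("no-httponly")
    samesite = attrs.get("samesite")
    if not isinstance(samesite, str) or samesite == "":
        findings.append("no-samesite")
    elif samesite.lower() == "none":
        findings.append("samesite-none")
        if "secure" not in attrs:
            findings.append("none-without-secure")
    if "domain" in attrs:
        findings.append("domain-set")
    return findings


if __name__ == "__main__":
    # Constructed headers: one hardened session cookie, one as many apps ship it.
    for hdr in ("sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
                "sessionid=abc123; Path=/"):
        print(hdr)
        for code in audit_set_cookie(hdr):
            print("  -", REASONS[code])
```

The HttpOnly versus Secure distinction the question asks about falls straight out of the two reasons: HttpOnly controls who on the client can read the cookie (script or only the browser), Secure controls which connections the browser will send it over.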
9. X-XSS-Protection Header
Resource: X-XSS-Protection - HTTP | MDN
10. Content Security Policy
What is Content Security Policy (CSP)? And what are the common use cases of CSP?
Resource: Content Security Policy (CSP) - HTTP | MDN
11. CORS
What is CORS? How to exploit misconfigured CORS? They may ask you about headers like “Origin”, “Access-Control-Allow-Origin”, etc.
Resource: 3 Ways You Can Exploit CORS Misconfigurations | we45
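The interviewer's "how is CORS misconfigured?" question is easiest to answer with the response headers in front of you. The block below is an added example written for this post, not code from the linked article: three policy functions that each take the request's `Origin` and return the CORS response headers (an exact-match allowlist, a reflecting policy, and a suffix-match policy), plus a self-assessment that sends a few origins the API should never trust and reports which policy trusts them. The hostnames, allowlist and probe origins are constructed for the demo.

```python
from typing import Callable, Dict, List, Optional

Headers = Dict[str, str]
Policy = Callable[[Optional[str]], Headers]

# Constructed allowlist for a hypothetical API at api.example.com.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def allowlist_policy(origin: Optional[str]) -> Headers:
    """Correct handling: exact-match allowlist, credentials only for listed
    origins, and Vary: Origin so a cache never replays one origin's answer
    to another."""
    if origin not in ALLOWED_ORIGINS:
        return {}  # no ACAO header at all: the browser blocks the cross-origin read
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}


def reflecting_policy(origin: Optional[str]) -> Headers:
    """Misconfiguration 1: echo whatever Origin arrives, with credentials."""
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def suffix_policy(origin: Optional[str]) -> Headers:
    """Misconfiguration 2: a substring check instead of an exact match."""
    if origin is None or not origin.endswith("example.com"):
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


# Origins a self-assessment sends to its own API; none of them should be trusted.
PROBE_ORIGINS = [
    "https://attacker.example",   # arbitrary foreign origin
    "null",                       # sandboxed iframes and file:// pages send Origin: null
    "https://evilexample.com",    # satisfies endswith("example.com")
]


def assess_policy(policy: Policy) -> List[str]:
    """Run the probes against a policy function and report which ones it trusts."""
    findings: List[str] = []
    for origin in PROBE_ORIGINS:
        resp = policy(origin)
        acao = resp.get("Access-Control-Allow-Origin")
        creds = resp.get("Access-Control-Allow-Credentials", "").lower() == "true"
        if acao == origin and creds:
            findings.append(f"trusts {origin} with credentials")
        elif acao == "*" and creds:
            findings.append("wildcard origin with credentials (browsers refuse it, policy still wrong)")
    return findings


if __name__ == "__main__":
    for name, policy in (("allowlist", allowlist_policy),
                         ("reflecting", reflecting_policy),
                         ("suffix", suffix_policy)):
        print(name, assess_policy(policy) or "OK")
```

The allowlist policy is the recommendation to give: exact match on the full origin (scheme, host and port), `Access-Control-Allow-Credentials: true` only for those origins, and `Vary: Origin` on every response that echoes an origin.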
12. Cache Poisoning
Resource: Web cache poisoning | Web Security Academy
13. SSRF
Resource: What is SSRF (Server-side request forgery)? Tutorial & Examples | Web Security Academy
14. LFI/RFI and Directory/Path Traversal
A simple question, yet very confusing, so be sure to understand it thoroughly or you are bound to slip up on it.
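Part of what makes this question confusing is that the obvious fix (reject anything containing `..`) is wrong, and candidates are often asked to explain why. The block below is an added example written for this post, not code from any linked resource: it contrasts the naive string check with containment checking on the resolved path, which is what actually keeps a user-supplied file name inside the intended directory (the local-file side of the question; remote file inclusion is a separate control). The base directory and file names are constructed and need not exist on disk.

```python
from pathlib import Path


def naive_is_safe(user_path: str) -> bool:
    """The check candidates often propose first. It misses absolute paths and
    any encoding the framework decodes after this check runs."""
    return ".." not in user_path


def resolve_under(base_dir: str, user_path: str) -> Path:
    """Map an untrusted relative path onto a file strictly inside base_dir.

    Path.resolve() normalises "." and ".." and follows symlinks, so the
    containment test runs on the real target rather than on the string.
    """
    base = Path(base_dir).resolve()
    # An absolute user_path replaces base when joined (pathlib semantics),
    # which is exactly why the containment check below is needed.
    candidate = (base / user_path).resolve()
    try:
        # relative_to() is segment-based: "/srv/app/files-old" is NOT under
        # "/srv/app/files", unlike a str.startswith() prefix test.
        candidate.relative_to(base)
    except ValueError:
        raise PermissionError(f"path escapes {base}: {user_path!r}") from None
    return candidate


def is_contained(base_dir: str, user_path: str) -> bool:
    """Boolean wrapper for use in a request handler or a test."""
    try:
        resolve_under(base_dir, user_path)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    base = "/srv/app/files"  # constructed document root
    for requested in ("reports/q1.txt", "../../etc/passwd", "/etc/passwd",
                      "../files-old/q1.txt"):
        print(f"{requested!r:28} naive={naive_is_safe(requested)!s:5} "
              f"resolved={is_contained(base, requested)}")
```

The recommendation that goes with it: serve files only by an identifier looked up in an allowlist where possible, and where a path must be accepted, canonicalise first and compare against the base directory as path segments, never as a substring.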
15. What is OAuth?
16. HTTP Request Smuggling
17. Burp Suite Questions
What is Burp Intruder? Attack types? Sniper / Battering Ram / Pitchfork / Cluster Bomb?
Resource: Burp intruder attack types
What is Sequencer? What is Collaborator?
18. Nmap Questions (For Pentesting Roles)
Resource: Most Asked Nmap Interview Questions Asked by Big Companies [Updated 2022] - All About Testing
Misc Questions — Not too Technical
- Explain WSDL and SOAP.
- Explain intrusion detection.
- What is the difference between threat, vulnerability and risk?
- SANS Top 25
- OWASP Top 10 Proactive Controls
- What are threat models and what is threat modelling?
For a pentesting profile, the 2 most common questions are:
- Given a web app, what is your approach to start testing? Basically the interviewer wants to know your methodology.
- Given a page, suppose a login page, what are the different ways you would attack it?
More interview questions can be found below:
My Experience during Infosec Interviews.
GitHub - aershov24/web-security-interview-questions: 🔴 Web Security Interview Questions and… (answers are also available at https://www.fullstack.cafe/Web%20Security)
I know, too many questions, right? But there is no magic pill when it comes to clearing an interview. After learning all the concepts mentioned above there is a 60%–80% chance you will clear the interview.
You ask, how do I know this?
I myself have interviewed with a lot of companies, but my success rate increased drastically once I looked back at the questions that had been asked of me.
I had compiled this for my personal use, but now it’s for everyone out there who wants to make a switch.
All The Best, Guys!!
Let me know your feedback on this.