App Sec / Pentest Experienced Interview Questions (2–6 yrs)

MrCatalyst
5 min readJan 25, 2022

--

I have given a lot of interviews, almost 50 more or less and before all the interviews I used to study and refresh all the concepts but never did I found a resource which had all the collection of questions for exp candidates.

Photo by LinkedIn Sales Solutions on Unsplash

Which forced me to collect and create my own list of app sec / pentest interview questions that I encountered through all of my interviews and I would like to share it with you guys, so that just by going through all the questions/topics mentioned in this post you will be able to prepare better for your upcoming interview.

I am deliberately not writing the answers as it will make the whole blog post very dense but will add the link to the resource for some questions that I found the most useful and clear to grasp.

Just an FYI, If you are new to Infosec It might take you weeks to learn all the answers but to someone already in the field , it should not take more than 1–2 days to brush up on these questions and be ready for the interview.

Let’s start with some light WARM-UP questions:

  1. OWASP Top 10 (mandatory)

2. SQLi/XSS/Password Spraying/Clickjacking etc etc ,Basic understanding of the following class of would be enough.

3. OSI Model and It’s Layers (extra layer of prep is to remember the protocols used in each layer), trick question here could be asking for the port number for the ICMP Protocol (Ping Protocol) https://networkengineering.stackexchange.com/questions/37896/ping-port-number

After you have answered the simple definition or explanation of the above, comes the fun and interesting part, where the interviewer would like to deep dive into the any of the following topics:-

  1. XXE Injection(XML External Entity Injection)

Types of XXE — In Band XXE/Error XXE/Out Of Band XXE (Blind XXE)

How to detect XXE?How to Avoid XXE Vulns?How dangerous is XXE?

XXE to RCE

2. CSRF

3. XSS

What is XSS ? Types of XSS ? Difference between DOM Based XSS & Reflected XSS ? What is DOM in DOM Based XSS ? Recommendations for XSS ?

In XSS — DOM based XSS was the most frequently asked in interview(s) , interviewer just love this question so here you go the best explanation
https://medium.com/iocscan/dom-based-cross-site-scripting-dom-xss-3396453364fd

4. Session Fixation

What is session fixation attack ? Recommendations ?

5. Insecure Deserialization

What is Insecure Deserialization, How to Detect them in Black box & white box Testing and Recommendations ?What can be the result of insecure deserialization?How to avoid insecure deserialization?

Insecure Deserialization to RCE

6. IDOR

What is IDOR ? Diffrence between IDOR and Missing Function Level access control ? Recommendations ?

7. What is Anti CSRF Token

8. Common Flags in a Cookie

Common flags on a cookie ? what is httponly flag ? what is the diffrence between httponly flag and secure flag?

Set-Cookie,Expires,Max-Age,Domain,Path,SameSite common flag in a cookie

9. X-XSS-Protection Header

10. CSP

What is Content Security Policy (CSP) ? and common use cases of CSP ?

11. CORS

What is CORS ? How to Exploit Missconfigured CORS? they may ask you about the headers like “Origin”, “Access Control Allow Origin” etc.

12. Cache Poisoning

13. SSRF

14. LFI/RFI and Directory/Path Traversal

Simple question yet very confusing and be sure to understand it thoroughly else you are bound to make some slip-up in this question.

15. What is OAuth?

https://www.varonis.com/blog/what-is-oauth

16. HTTP Request Smuggling

17. Burp Suite Questions

What is Burp Intruder?Attack Types?Sniper/Battering Ram/Pitchfork/Clusterbomb?

What is Sequencer?What is Collaborator?

18. Nmap Questions (For Pentesting Roles)

Misc Questions — Not too Technical

  1. Explain the WSDL and SOAP?
  2. Explain intrusion detection?
  3. What is the difference between threat, vulnerability and risk?
  4. Sans Top 25
  5. OWASP Top 10 Proactive Controls
  6. What are threat models and what is threat modelling?

For PenTesting Profile the 2 most common questions are

  1. Given a web app what is your approach to start testing?Basically the interviewer wants to know your methodology.
  2. Given a page , suppose login page,what are the diff ways you will attack it?

More Interview Questions can me found below:

https://www.janbasktraining.com/blog/security-testing-interview-questions/#

I knoww , too many questions right? But there is no magic pill when it comes to clearing an interview. After learning all the concepts mentioned above there is 60%–80% chance you will be clearing the interview.

You ask, how do I know this?
I myself have interviewed for a lot of company but the success rate increased drastically when I looked back at the questions that were asked to me.
I had compiled this for my personal use but now it’s for everyone out there who want to make a switch.

All The Best, Guys!!
Let me know your feedback on this.

--

--