Some of the questions/topics which I was asked when I was giving interviews for Application/Product Security Engineering roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked, and some were challenging to answer. I tried to include the reference resource for some of the questions/topics; feel free to reach out to me on Twitter for any feedback/suggestions/discussions.
- Which architecture is more secure? 2-tier or 3-tier?
- Explain the SSL handshake.
- Explain encryption, hashing, and encoding.
- Recommend an XXE mitigation for an application that requires external entities to be resolved because of a business requirement.
- Explain CORS and SOP.
- Does SOP mitigate CSRF attacks?
- Exploiting SSRF attacks.
- What is web cache deception?
- What is HTTP request smuggling?
- Explain DOM XSS. Can DOM XSS be stored? Can the CSP header mitigate DOM-based XSS?
- What will be your test cases for a file upload functionality?
- What is HSTS?
- Explain SSL stripping.
- If you have API calls which need to fetch credentials, what is the secure way to store secrets and make them available to the API calls?
- How does file compression work?
- Which order is secure? Compress first and then encrypt the data, or encrypt first and then compress?
- You have found a vulnerability in a product/infrastructure. How will you investigate whether it was already exploited by an attacker?
- What are SPF, DKIM and DMARC?
- Why is a blacklist weaker than a whitelist (BlackList < WhiteList)?
- Explain DNS exfiltration.
- Explain log poisoning using LFI/RFI.
- Do the HttpOnly cookie flag and the X-XSS-Protection header mitigate cross-site scripting attacks?
- How do you exploit XSS in a POST request?
- Difference: IDOR, missing function-level access control and privilege escalation.
- How does Burp Suite work with HTTPS requests?
- Is the DNS service's communication encrypted?
- Security implications in DNS.
- DNS over HTTPS.
- How does SSH authentication work?
- How to create and implement an SSL certificate?
- How to verify if a database is encrypted?
- If you want a script to use credentials from the system, where will you store the credentials?
- In which phase of the SDLC should security be integrated?
- Explain encryption in Wi-Fi network communication.
- What are stateless and stateful requests?
- How is the state of a request saved in HTTP?
- What data does the shadow file contain?
- What is a salt in cryptography?
- What is the Double-Submit Cookie pattern?
- What is a preflight request?
- What are Certificate Transparency logs?
- What is your favourite vulnerability and why?
- Talk about any recent/interesting vulnerability or breach you learnt about.