PS: This is the list of questions I have come across and questions faced by my students in their interviews.
Feel free to add more below.
1. What is your fav OWASP Top 10 bug?
2. Explain your methodology?
3. CSRF vs SSRF
4. What can an attacker do with XSS
5. Requirements of CSRF to happen
6. Root cause of Clickjacking
7. What is diff between SAST & DAST
8. Black/White/Grey Box Testing
9. What is threat, vulnerability, risk
10. What is CIA Triad
11. What are cookie attributes
12. What are most common business logic issues?
13. Question on Burpsuite Tabs
14. What are your fav open source tools?
15. How will you protect against ransomware?
16. What is XXE attack, explain any payload?
17. SSRF and what can be achieved?
18. How can we fix SQLi
19. How will you test a static web app?
20. Any paid tools you wish to use and recommend us in organisation?
21. Any modifications you want to make in OWASP, which and why?
22. Encryption vs Hashing vs Encoding
23. Any new CVE/Zero Day u have heard about?
24. What are supply chain attacks
25. What is nmap and its commands
26. SMTP Attacks
27. If you were appointed to revamp our network how will you (Scenario based)
28. If you have to work with senior testers and they said a wrong statement how will you react?
29. Explain DNS OOB
30. Explain #printnightmare?
31. How can you find deserialisation issues?
32. What programming language do you code in? (if any)
33. Approach while testing a Mobile App
34. Approach while testing a Thick/Thin client
35. How will you contribute to start a #bugbounty program for us?
36. What is Recon?
37. How will you test a target if only the name is given, explain step by step?
38. Have you ever heard about Red & Blue Teams?
39. What do you understand by compliance?
40. Explain diff ways of data leakages in organisations?
Manual:
GitHub Dorking is basically finding leaks in the code pushed by the target organisation or its employees.
1. org:evilcorp[.]com
2. language:"bash" org:evilcorp[.]com
3. "target[.]com" language:python "secret" "password" "key" NOT docs NOT sandbox NOT test NOT fake