Web Application Security – Interview Questions

Written by Ishan Girdhar

We all come across a time in life when we seek out opportunities, and that is when we realize it's time to brush up on our fundamentals of Web Application Security. Here is a quick list of questions for you to revisit while preparing for interviews:

Question 1: You are viewing a page from which makes an XHR request ( to What will happen if doesn’t support CORS?

Question 2: How are SSL and TLS different?

Question 3: How does the SSL handshake happen?

Question 4: Which algorithms and ciphers are used for public key/private key and shared key?

Question 5: What are the different types of XSS?

Question 6: What are the different Sources and Sinks in DOM XSS?

Question 7: How do you prevent XSS?

Question 8: How would you prevent DOM based XSS?

Question 9: How will input validation and HTML encoding stop DOM based XSS?

Question 10: Content Security Policy header values: can you quote a few examples?

Question 11: How would you initiate a manual security code review of Java applications?

Of course, there can be hundreds of questions based on web application security, but these are the ones I found to be commonly asked during interviews.

Let me know in the comments below if you would like to add a specific relevant question that can help anyone going through web application security interviews.


– Break things like a pro. Be a Security Ninja

