
Web Application Security – Interview Questions

Written by Ishan Girdhar

We all come across a time in life when we seek out opportunities, and that is when we realize it's time to brush up on our fundamentals of Web Application Security. Here is a quick list of questions for you to revisit while preparing for interviews:

Question 1: You are viewing a page from which makes an XHR request ( to What will happen if doesn’t support CORS?

Question 2: How are SSL and TLS different?

Question 3: How does the SSL handshake happen?

Question 4: Which algorithms and ciphers are used for public key/private key and for shared key?

Question 5: What are the different types of XSS?

Question 6: What are the different sources and sinks in DOM XSS?

Question 7: How do you prevent XSS?

Question 8: How would you prevent DOM based XSS?

Question 9: How will input validation and HTML encoding stop DOM based XSS?

Question 10: What values can Content Security Policy headers take? Quote a few examples.

Question 11: How would you initiate a manual security code review of Java applications?

Of course there can be hundreds of questions based on web application security, but these are the ones I found to be commonly asked during interviews.

Let me know in the comments below if you would like to add a specific relevant question that can help anyone going through web application security interviews.


– Break things like a pro. Be a Security Ninja

About the author

Ishan Girdhar

OSCP Certified, Infosec Consultant/Penetration Tester/Adrenaline Junkie/Influential Speaker/Pythoneer/traveler/Blogger/Social Engineer/Science Lover & husband.
