- What draws you to appsec?
- Explain a situation that you worked with a developer on.
- What is your general process for testing an application, and what can you test for if only given the URL to the login page?
- How do you stay current with the security industry?
- What do you do besides security and technology for fun?
- What are two ways to exploit response splitting?
- How would you fix response splitting?
- How do the git and svn models differ?
- What does git branch -a branchname do?
- What is continuous deployment?
- What is your favorite vuln you've found?
- Explain SSRF.
- How do you fix SQLi?
- How do you fix XSS?
- How do you fix DOM XSS?
- What is an Android intent?
- What is the correct way to protect sensitive data in iOS?
- What's the difference between asymmetric and symmetric encryption?
- What threat model does password hashing protect you from?
- If you could implement one defense in an application, what would it be?
- What challenges do developers face that prevent security from being a priority?
Last active
September 2, 2022 00:48
AppSec Interview Questions