🗒️ A [work-in-progress] collection for interview questions for Information Security roles
If you had to both encrypt and compress data during transmission, which would you do first, and why?
What could attackers do with HTTP Header Injection vulnerability?
Describe the last program or script that you wrote. What problem did it solve?
How would you implement a secure login field on a high traffic website where performance is a consideration?
What are the various ways to handle brute forcing?
What is Cross-Site Request Forgery? And how to defend against it?
Example: an `<img>` tag points to a URL with an associated action, e.g. https://foo.com/logout
What is Cross-Site Scripting? What are the different types of XSS? How to defend against XSS?
How does HTTP handle state?
What's the difference between encoding, encryption, and hashing?
Does TLS use symmetric or asymmetric encryption?
Describe the process of a TLS session being set up when someone visits a secure website.
- The client sends a `client hello` message that lists cryptographic information, such as the SSL/TLS version and the client's order of preference of cipher suites. The message also contains a random byte string that is used in subsequent calculations. The client may include its supported data compression methods in the `hello` message as well.
- The server responds with a `server hello` message that contains the cipher suite chosen by the server, the server's digital certificate, and another random byte string. If the server requires client certificate authentication, the server also sends a client certificate request to the client.
- The client sends a `finished` message encrypted with the calculated secret key.
- The server sends its own `finished` message encrypted with the calculated secret key.
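The `client hello` step of the handshake described above, as an added example that is not part of the original list: it builds a minimal TLS 1.2 ClientHello record (no extensions), parses it back into the version, random bytes, cipher suites and compression methods the message carries, and flags what a defender reviewing the offer would question. The weak-suite table and all sample values are assumptions constructed for the example.

```python
import os
import struct

# Constructed for the example: suites a defender would flag if a client offers them (not exhaustive).
WEAK_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA (3DES, static RSA key exchange)",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA (static RSA key exchange, no forward secrecy)",
}

def build_client_hello(cipher_suites, compression=(0,), session_id=b"", version=0x0303, random=None):
    """Wrap a ClientHello (no extensions) in a TLS record; random defaults to 32 fresh bytes."""
    random = os.urandom(32) if random is None else random
    body = struct.pack("!H", version) + random                       # client_version, random
    body += struct.pack("!B", len(session_id)) + session_id          # session_id
    body += struct.pack("!H", 2 * len(cipher_suites))                # cipher_suites, in preference order
    body += b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += struct.pack("!B", len(compression)) + bytes(compression) # compression_methods
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # HandshakeType client_hello(1)
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake  # ContentType handshake(22)

def parse_client_hello(record):
    """Return the ClientHello fields the handshake description lists; raise on malformed input."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:
        raise ValueError("ClientHello body too short")
    version, random = struct.unpack("!H", body[:2])[0], body[2:34]
    session_id = body[35:35 + body[34]]
    pos = 35 + body[34]
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    compression = list(body[pos + 1:pos + 1 + body[pos]])
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": suites, "compression_methods": compression}

def audit_client_hello(hello):
    """Flag weak suites and non-null compression methods offered by the client."""
    findings = [f"offers weak cipher suite {WEAK_SUITES[cs]}" for cs in hello["cipher_suites"] if cs in WEAK_SUITES]
    findings += [f"offers non-null compression method {m} (TLS compression is deprecated)"
                 for m in hello["compression_methods"] if m != 0]
    return findings

if __name__ == "__main__":
    rec = build_client_hello([0x1301, 0xC02F, 0x000A], compression=(1, 0))
    print(parse_client_hello(rec)); print(audit_client_hello(parse_client_hello(rec)))
```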
How is TLS attacked? How has TLS been attacked in the past? Why was it a problem? How was it fixed?
What is Forward Secrecy?
Describe how Diffie-Hellman works.
Are open source projects more or less secure than proprietary projects?
Who do you look up to in the Information Security field? Why?
Where do you get your security news from?