Simple things regarding Web Application Penetration Testing, usage of interceptor proxies, etc.
Ethical Hacker Interview Questions
60 ethical hacker interview questions shared by candidates
They asked me about my salary expectations and my areas of interest, as well as places or sectors where I would like to work.
1. Briefly describe the OWASP Top 10
If a doctor gives you three pills, telling you to take one every half hour, how many minutes will pass from taking the first pill to the last pill?
You are performing a pentest on a web application for an external client. During the enumeration phase, you discover that regular users can access hidden sections within the application which should be available only to administrators. For example, if you browse directly to the URL https://example.com/admin, you get access to all information and functions that only admins should be allowed to access, because this page or link is not disclosed anywhere on a regular user page. Now that you have found this issue, can you showcase how you would present this issue in the official report which will be presented to the client, starting with the Risk Level, Vulnerability Name, Issue Description, Additional Notes, if you need them, and your recommendation on how this issue can be solved?
What is the Apache Log4J vulnerability? Which injection points would you try to verify if an application is vulnerable to it during a pentest?
Can you crack offline the secret of a JWT token which is using the signing algorithm RS256? If so, how? If not, why?
What is an XMAS scan attack? Can you provide the nmap syntax to perform this scan?
Which authentication protocols are implemented by default in Azure Active Directory?
They ask you to define in detail every concept or technology you have on your CV. They ask you to name all of the resources of the technologies. If you happen to move your eyes, they will ask you whether you are cheating. On top of that, they ghost you.