AIA Interview

Interview questions 1. IV requirements? The Initialization Vector (IV) is an unpredictable random value used to make sure that when the same message is encrypted twice, the two ciphertexts differ. It is sent in the clear alongside the ciphertext; it does not need to be secret. It has to be random, and an adversary shouldn't be…
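The two properties in that excerpt, shown end to end as an added example (not code from the original post). AES is not in the Python standard library, so the block cipher is a stand-in: a CTR-style keystream derived with HMAC-SHA256(key, iv || counter). The behaviour demonstrated carries over to AES-CTR unchanged: a fixed IV makes encryption deterministic (equal messages give equal ciphertexts) and reusing the IV leaks the XOR of two plaintexts, while a fresh random IV per message hides both. The key and messages are constructed. Note the distinction the excerpt glosses over: CTR-style modes need the IV to be unique, CBC additionally needs it to be unpredictable.

```python
"""IV/nonce handling: fixed IV vs fresh random IV (added example, stand-in cipher)."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

IV_LEN = 16


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Keystream block i = HMAC-SHA256(key, iv || i). Assumption: this PRF stands in
    for AES in CTR mode; the IV-reuse behaviour is identical."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    """Returns iv || ciphertext. The IV travels in the clear: it must be fresh,
    not secret. Passing a fixed iv reproduces the mistake the excerpt warns about."""
    if iv is None:
        iv = os.urandom(IV_LEN)  # correct usage: new random IV per message
    return iv + xor(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    return xor(ct, keystream(key, iv, len(ct)))


def demo() -> Tuple[bool, bool, bool]:
    """Returns (deterministic_with_fixed_iv, xor_leak_with_fixed_iv, randomized_with_fresh_iv)."""
    key = os.urandom(32)                       # constructed key
    msg = b"transfer 100 EUR to account 42"    # constructed messages
    msg2 = b"transfer 999 EUR to account 42"

    fixed_iv = bytes(IV_LEN)
    c1 = encrypt(key, msg, fixed_iv)
    c2 = encrypt(key, msg, fixed_iv)
    deterministic = c1 == c2                   # an observer sees "same message again"

    c3 = encrypt(key, msg2, fixed_iv)
    # Same key + same IV => same keystream, so C1 xor C3 == P1 xor P3.
    leaked = xor(c1[IV_LEN:], c3[IV_LEN:]) == xor(msg, msg2)

    r1, r2 = encrypt(key, msg), encrypt(key, msg)
    randomized = r1 != r2 and decrypt(key, r1) == msg and decrypt(key, r2) == msg
    return deterministic, leaked, randomized


if __name__ == "__main__":
    print(demo())
```

Running it returns `(True, True, True)`: the fixed IV both reveals repeated messages and leaks the plaintext XOR, the random IV fixes both while decryption still works.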

Common Ports

TCP port 21 — FTP (File Transfer Protocol)
TCP port 22 — SSH (Secure Shell)
TCP port 23 — Telnet
TCP port 25 — SMTP (Simple Mail Transfer Protocol)
TCP and UDP port 53 — DNS (Domain Name System)
TCP port 80 — HTTP (Hypertext Transfer Protocol)
TCP port 443 — HTTPS (HTTP over SSL/TLS)
TCP port 110 — POP3…
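How that table gets used in practice: a minimal TCP connect scan that reports open ports with their conventional service names. This is an added example, not code from the original post. To run offline and unprivileged it starts its own listeners on 127.0.0.1 (ephemeral ports, constructed for the demo) and scans those plus one port known to be closed; the port-to-name table is the list above, falling back to the OS services database.

```python
"""TCP connect scan (full handshake, like nmap -sT) with service-name lookup."""
import socket
from typing import Dict, Iterable, List, Tuple

# Conventional assignments from the list above; the OS keeps the full table in /etc/services.
COMMON_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns",
                80: "http", 110: "pop3", 443: "https"}


def service_name(port: int) -> str:
    """Name from the table above, then the OS services database, else 'unknown'.
    Caveat: the port number is a convention; only a banner grab tells you what
    is really listening (SSH on 443, HTTP on 8080, ...)."""
    if port in COMMON_PORTS:
        return COMMON_PORTS[port]
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Attempt a full TCP handshake on each port. Connection refused or a timeout
    is reported as not open (closed or filtered; a connect scan cannot tell which)."""
    found: Dict[int, str] = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found[port] = service_name(port)
        except OSError:
            continue
    return found


def start_listener() -> socket.socket:
    """Constructed target: a listening socket on an ephemeral loopback port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s


def free_port() -> int:
    """Bind then release a port, so it is closed when the scan reaches it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> Tuple[List[int], int, Dict[int, str]]:
    """Returns (ports expected open, a closed port, scan result)."""
    listeners = [start_listener(), start_listener()]
    expected_open = sorted(l.getsockname()[1] for l in listeners)
    closed = free_port()
    try:
        result = tcp_connect_scan("127.0.0.1", expected_open + [closed])
    finally:
        for l in listeners:
            l.close()
    return expected_open, closed, result


if __name__ == "__main__":
    expected_open, closed, result = demo()
    for port, name in sorted(result.items()):
        print(f"{port}/tcp open  ({name})")
    print(f"{closed}/tcp not open")
```

The scan succeeds against a listener even though nothing ever calls `accept()`: the kernel completes the three-way handshake from the listen backlog, which is exactly why a connect scan is noisy in the target's logs compared with a half-open SYN scan.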

AIA Interview Preparation

Terminology What is Web Application Security Testing? A security test is a method of evaluating the security of a computer system or network by methodically validating and verifying the effectiveness of application security controls. What is a Vulnerability? A vulnerability is a flaw or weakness in a system’s design,…

Deloitte Interview

Deloitte interview review. Questions asked included:
Log forging & mitigation
Mobile local storage: what should you look for, and how would you look for it?
XML External Entity attack & mitigation
Vulnerability assessment vs. pen-testing: what are the differences?
Keychain: what would you look for? How do you find a key in the keychain?
1. Differences between vulnerability assessment and pen-testing: a vulnerability assessment uses automated scanning tools (…
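The first question on that list, log forging and its mitigation, worked through as an added example (not the post's own answer). An attacker who controls a value that is written into a log line, here a constructed username containing a newline, can forge a second entry that looks like a genuine event; the fix is to neutralize control characters before the value reaches the logger. The logger setup and the `LEVEL message` format are assumptions for the demo.

```python
"""Log forging via CRLF injection, and the neutralizing fix."""
import io
import logging
import re
from typing import Callable, List, Tuple

# Constructed attacker input: the newline forges an authoritative-looking second line.
PAYLOAD = "guest\nINFO successful login for user admin"

# CR, LF, ESC and the other ASCII control characters, plus DEL.
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def neutralize(value: str) -> str:
    """Escape control characters so user input can never start a new log line."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def log_login_vulnerable(logger: logging.Logger, username: str) -> None:
    # Vulnerable: user-controlled text is interpolated unchanged.
    logger.warning("failed login for user %s", username)


def log_login_hardened(logger: logging.Logger, username: str) -> None:
    # Hardened: control characters are escaped before they reach the log.
    logger.warning("failed login for user %s", neutralize(username))


def capture(fn: Callable[[logging.Logger, str], None], username: str) -> List[str]:
    """Run fn against a logger that writes 'LEVEL message' lines into memory
    and return the individual lines the log consumer would see."""
    buf = io.StringIO()
    logger = logging.getLogger("logforge-demo-" + fn.__name__)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    fn(logger, username)
    return buf.getvalue().splitlines()


def demo() -> Tuple[List[str], List[str]]:
    """Returns (lines from the vulnerable logger, lines from the hardened logger)."""
    return capture(log_login_vulnerable, PAYLOAD), capture(log_login_hardened, PAYLOAD)


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable:", vulnerable)
    print("hardened:  ", hardened)
```

The vulnerable logger emits two lines, the second a fake `INFO successful login for user admin`; the hardened one emits a single line with the newline rendered as `\x0a`. If your log format is not line based (JSON per record, for instance) the same idea applies to whatever delimiter the consumer splits on, and Unicode line separators such as U+2028 deserve the same treatment.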

Deloitte Interview Preparation

General Headers: Connection: Keep-Alive, Content-Encoding: gzip, Content-Length, Content-Type, Transfer-Encoding
Request Headers: Accept (e.g. image types), Accept-Encoding, Authorization, Cookie, Host, If-Modified-Since, If-None-Match, Origin, Referer, User-Agent
Response Headers: Access-Control-Allow-Origin, Cache-Control: no-cache, ETag, Expires, Location, Pragma: no-cache, Server, Set-Cookie, WWW-Authenticate, X-Frame-Options
Cookies: A server issues a cookie using the Set-Cookie response header Set-Cookie:…
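What a tester actually checks those response headers and `Set-Cookie` attributes for, as an added example (not code from the original post). The response below is constructed, and the findings encode common hardening guidance (Secure, HttpOnly, SameSite on cookies; X-Frame-Options; a real `no-store` rather than `no-cache`; no version in `Server`) rather than any single standard.

```python
"""Audit Set-Cookie attributes and security-relevant response headers."""
from typing import Dict, List, Tuple

Headers = List[Tuple[str, str]]

# Constructed response: one weak session cookie, one well-configured cookie.
RESPONSE_HEADERS: Headers = [
    ("Server", "Apache/2.4.41"),
    ("Cache-Control", "no-cache"),
    ("Pragma", "no-cache"),
    ("Access-Control-Allow-Origin", "*"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
    ("Set-Cookie", "csrftoken=xyz; Path=/; Secure; HttpOnly; SameSite=Strict"),
]


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """'name=value; Attr; Attr=val' -> (name, {attr_lowercase: value_or_empty})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def cookie_findings(header: str) -> List[str]:
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (browser will send it over plain HTTP)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (document.cookie exposes it to XSS)")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict (sent on cross-site requests, CSRF)")
    return findings


def header_findings(headers: Headers) -> List[str]:
    h = {k.lower(): v for k, v in headers if k.lower() != "set-cookie"}
    findings = []
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing (page can be framed: clickjacking)")
    if h.get("access-control-allow-origin") == "*":
        findings.append("Access-Control-Allow-Origin: * (any origin can read this response)")
    # no-cache only forces revalidation; only no-store keeps the response out of caches.
    if "no-store" not in h.get("cache-control", "").lower():
        findings.append("Cache-Control lacks no-store (response may be cached)")
    if any(ch.isdigit() for ch in h.get("server", "")):
        findings.append("Server header discloses a version")
    return findings


def audit(headers: Headers) -> List[str]:
    """All findings for one response: header checks, then each Set-Cookie."""
    findings = header_findings(headers)
    for key, value in headers:
        if key.lower() == "set-cookie":
            findings.extend(cookie_findings(value))
    return findings


if __name__ == "__main__":
    for finding in audit(RESPONSE_HEADERS):
        print("-", finding)
```

On the constructed response this yields seven findings: four from the headers and three for `sessionid`, none for `csrftoken`. Treat the output as leads, not verdicts: `Access-Control-Allow-Origin: *` is harmless on a genuinely public resource, and a missing `Secure` flag matters little on a site that is HTTPS-only with HSTS, though it should still be set.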

Unity Interview Questions

Cookie-based XSS
How do you write up a finding?
The process: how would you handle a pentest against a web app?
For session management related testing, what kind of tests would you perform?
Tell me how RoR handles session management
Tell me the HTTP methods
Client-side session storage
How to…
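Two of those questions, how Rails handles sessions and client-side session storage, come down to the same mechanism: the Rails cookie store keeps the whole session in the cookie and signs it with an HMAC so the client can read but not alter it (newer Rails versions also encrypt it). The block below is an added example, not Rails code: it models that design with a `base64(json)--hex(hmac_sha256)` cookie (Rails' real format and its secret derivation differ; the secret and session contents are constructed) and shows the two things a session-management test looks for: a tampered payload must be rejected, and an unencrypted signed cookie is still readable by the user.

```python
"""HMAC-signed client-side session cookie, modelled on the Rails cookie store."""
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

SECRET = b"constructed-secret-key-base-do-not-reuse"  # assumption: server-side secret


def sign_session(data: dict, secret: bytes = SECRET) -> str:
    """Serialize, base64, and append an HMAC over the encoded payload."""
    payload = base64.b64encode(json.dumps(data, sort_keys=True).encode()).decode()
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}--{mac}"


def verify_session(cookie: str, secret: bytes = SECRET) -> Optional[dict]:
    """Return the session dict if the MAC is valid, else None. Constant-time compare
    so an attacker cannot recover the MAC byte by byte through timing."""
    payload, sep, mac = cookie.rpartition("--")
    if not sep:
        return None
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    return json.loads(base64.b64decode(payload))


def peek(cookie: str) -> dict:
    """What any user can do with a signed-but-unencrypted cookie: read it."""
    payload = cookie.rpartition("--")[0]
    return json.loads(base64.b64decode(payload))


def tamper(cookie: str, new_data: dict) -> str:
    """Attacker attempt: swap the payload while keeping the original MAC."""
    mac = cookie.rpartition("--")[2]
    payload = base64.b64encode(json.dumps(new_data, sort_keys=True).encode()).decode()
    return f"{payload}--{mac}"


def demo() -> Tuple[bool, bool, bool]:
    """Returns (valid cookie accepted, forged cookie rejected, session readable by client)."""
    session = {"user_id": 7, "role": "user"}            # constructed session contents
    cookie = sign_session(session)
    accepted = verify_session(cookie) == session
    forged = tamper(cookie, {"user_id": 1, "role": "admin"})
    rejected = verify_session(forged) is None
    readable = peek(cookie)["role"] == "user"
    return accepted, rejected, readable


if __name__ == "__main__":
    print(demo())
```

Test cases that follow from this design: anything stored in the session is visible to the user unless the store also encrypts; a leaked secret lets anyone mint sessions for any user; and because the state lives on the client, logout and "invalidate all sessions" need a server-side mechanism (for example a per-user token in the session compared on every request) or the old cookie keeps working until it expires.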

Unity Interview Preparation

1. Distributed Systems Security (CIA) is a primary concern when data leaves your network. Proper provisioning (user setup), AAA and disaster recovery are issues. Be sure your data is segmented and encrypted at rest and in motion. Cloud computing: Hosted Infrastructure (IaaS) - virtualized servers and disk storage. Hosted platforms…