3. Techincal: They will ask about a certain vulnerability and then give you examples and ask you create a payload for this. They will also provide you with sample vulnerability reports and ask you to triage them with CVSS. There will be other scenarios like "If this happens, is this a vulnerability? and you will have to explain your answer" How DNS and other backend systems work. In short you will need deep and clear understanding of web applications working as well as vulnerabilities
Included chatting through CV, some technical questions relating to the role, some HR questions, and a technical exercise. The technical exercise was left open and allowed you to discuss the problems in front of you, which meant they were assessing your ability to do a job and have the right mindset rather than know specific technologies.
Secure design of a cloud based application, and finding security vulnerabilities.
Phone call - technical experiences, what tools and languages are you familiar with IQ test, 40 questions in 20 minutes - math, shapes and puzzles
One specific thing they asked was to perform a code review on a Java REST API. I had to identify a Mass Assignment vulnerability where an endpoint was binding request data directly to a persistence entity.
Why are you joining Fortis?
How would I go about engaging engineering teams to accomplish application security goals.
Various attack and defense questions about OWASP top 10 vulnerabilities
High level questions about DNS and networking, it didn't feel like I was expected to be an expert in any of that
They did not ask anything.
Viewing 111 - 120 interview questions