What is Threat Modeling? Which Threat Modelling process you follow? Explain How do you perform threat modeling? What is Application Security Architecture Review? Explain with an example? Application Security Code Review Process? What is your approach in code review? What tools you use in Software composition analysis in your organization? Explain about Security pipelines used in current organization? Which code review tools you use? How much level of manual code review you perform? How do you validate the security issues identified in Code Review Tools? Explain Application Penetration Testing Process? What is your favourite pentesting tool? How you came into developement background? Which is your favourite development language? What all tools developed by you? What type of common vulnerabilities you encounter when performing security code review? Encryption and hashing standards? What is cipher suite? How encryption take place in SSL/TLS handshake? What is your approach when performing security assessment on development frameworks? Have you worked on any SIEM solution? Have you worked on any Monitoring Solutions?
