Abstract

As a beginner in network security, the author has summarized, from a job seeker's perspective, a few key points about penetration test engineer job interviews for upcoming graduates (interns and fresh graduates) to refer to, so that they can find a satisfactory job better and faster. The summary is based on the author's own several interviews, all obtained by sending out resumes myself (to several companies in Guangzhou), not through campus recruitment. A brief introduction: I have taught myself Web penetration testing and Android reverse engineering for a little over half a year. As a junior college student majoring in computer networks, I first encountered Web penetration and Android reverse engineering through competitions, and through them got to know network security. Nothing to brag about, and nothing worth learning from.

On-site interview preparation

  1. Resume (print at least 3 copies, in color), ID card, graduation certificate and other documents;

  2. Laptop (plus wireless mouse, power adapter, etc.);

  3. Notebook and pen; dress neatly and be punctual (arrive 20 minutes early);

  4. Information about the company (location, company history, department, interviewer, etc.).

Phone interview preparation (with technical staff)

A. Agree on a time; 15 minutes in advance, find a quiet place with good signal where nobody will disturb you, and check your phone battery;

B. Stand during the phone interview, smile, and record the conversation;

C. Have your resume, a notebook and pen, headphones, etc. at hand (refer to your resume while talking);

D. Anticipate the questions the interviewer will ask and prepare answers; memorize the key points (penetration test methodology, etc.).

Questions asked by the interviewer (technical staff or department manager + HR)

Self-introduction

1) Based on your resume

2) Keep it organized (about three minutes)

Website penetration test methodology and process (given a website, how do you proceed?)

1) Information collection

  • A. Server information (real IP address, OS type and version, open ports, WAF, etc.)
  • B. Website fingerprinting (CMS, CDN, certificates, etc.), DNS records
  • C. Whois information: registrant name, ICP filing record, email, phone, with reverse lookups (checking the email against leaked-credential / social engineering databases, preparing for social engineering, etc.)
  • D. Subdomain enumeration, sibling sites on the same server (only test them with authorization), the surrounding C-class (/24) range, etc.
  • E. Targeted Google hacking (PDF files, middleware versions), weak password scanning, etc.
  • F. Scan the website directory structure, brute-force the admin backend path, collect banners, look for test files, backups and other leaked sensitive files
  • G. Transport protocols, known vulnerabilities and public EXPs for the identified versions, source code leaked on GitHub, etc.

2) Vulnerability mining

1> Browse the website to gauge its size, functions, features, etc.

2> Ports, weak passwords, directories, etc.

3> XSS, SQL injection, command injection, CSRF, cookie security checks, sensitive information disclosure, security of data in transit, brute-force attacks, arbitrary file upload, unauthenticated access, broken access control (horizontal and vertical privilege escalation), directory traversal, file inclusion, replay attacks (e.g. SMS bombing), server-side vulnerability detection, and finally a run with a vulnerability scanner

3) Exploitation | privilege escalation

MySQL, Serv-U, Linux kernel version, etc. (escalate through the database service, a vulnerable third-party service, or a kernel exploit matching the version found)

4) Cleanup | output test data and report

I. Clear test data and traces (in an authorized test this means removing the files, accounts and payloads you introduced, not tampering with the client's logs)

II. Summarize and write the penetration test report, with a remediation plan attached

5) Retest

Verify the fixes and look for new vulnerabilities, output the report, archive it

Reverse analysis of an app (given an app, how do you proceed?)

  • 1 Code protection detection (obfuscation, packing, anti-debugging)
  • 2 Data storage security
  • 3 Encryption algorithms (and how keys are stored)
  • 4 Security of the four Android components (Activity, Service, BroadcastReceiver, ContentProvider), in particular which ones are exported
  • 5 Application specifications, etc.
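As an added worked example for item 4 (this is not code from the original post), the check below scans a decoded AndroidManifest.xml for components that other apps can reach without holding a permission, plus the application-level flags that usually end up in a report. It assumes the manifest has already been decoded with apktool or a similar tool and applies the pre-Android-12 default that a component with an intent-filter is exported unless android:exported says otherwise; the manifest content and package name are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest (not from any real app), as apktool would decode it.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application android:debuggable="true" android:allowBackup="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".AdminActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.demo.SYNC"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".DataProvider"
              android:authorities="com.example.demo.data"
              android:exported="false"/>
  </application>
</manifest>
"""


def is_exported(component):
    """Pre-Android-12 rule: an explicit android:exported wins; otherwise a
    component that declares an <intent-filter> is exported by default."""
    explicit = component.get(ANDROID_NS + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return component.find("intent-filter") is not None


def find_exposed_components(manifest_xml):
    """Return (tag, name, reason) tuples: risky application flags plus every
    component reachable by other apps that is not guarded by a permission."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    findings = []
    if app is None:
        return findings
    for flag in ("debuggable", "allowBackup"):
        if app.get(ANDROID_NS + flag, "false").lower() == "true":
            findings.append(("application", flag, "flag is true"))
    for component in app.iter():
        if component.tag not in COMPONENT_TAGS or not is_exported(component):
            continue
        if component.get(ANDROID_NS + "permission"):
            continue  # exported, but callers must hold a permission
        reason = ("explicit exported=true" if component.get(ANDROID_NS + "exported")
                  else "implicitly exported via intent-filter")
        findings.append((component.tag, component.get(ANDROID_NS + "name"), reason))
    return findings


if __name__ == "__main__":
    for tag, name, reason in find_exposed_components(SAMPLE_MANIFEST):
        print(f"{tag:<12} {name:<30} {reason}")
```

The launcher activity is expected to be exported; the interesting results are AdminActivity (reachable with a plain startActivity from any other app) and SmsReceiver (exported only because of its intent-filter). Android 12 requires an explicit android:exported on components that have intent-filters, so on recent targets the implicit case disappears, but the permission and application-flag checks stay the same.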

Describe the principle of a vulnerability and how to exploit it (SQL injection, XSS, CSRF, etc.)

  1. Principles of SQL injection
  • A. SQL (Structured Query Language)
  • B. A parameter submitted by the user is concatenated into a database query without any filtering or escaping, so the user controls part of the SQL statement
  • C. Classified by context and technique as numeric, string, search, POST injection, cookie injection, time-based (delay) injection, blind injection, etc.
  2. SQL injection methods (sqlmap)

sqlmap -u "injection point URL"

sqlmap -u "injection point URL" --data="POST parameters"

For an injection point in a cookie or in an HTTP header such as X-Forwarded-For, save the raw request to a file and run sqlmap -r request.txt, marking the injection point with * in the file; cookies are tested automatically at --level 2 and above, while a custom header needs the * marker.
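As an added worked example (not code from the original post), the following shows the principle from B and the numeric/string classification from C in running code: the same lookup written with string concatenation and with placeholder binding, run against an in-memory SQLite table with constructed rows. The table, column names and payloads are assumptions for the illustration; MySQL and PostgreSQL behave the same way for these inputs.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory database with three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return conn


def find_user_vulnerable(conn, name):
    # String-type injection: the value is pasted into quoted SQL text, so a
    # quote in the input ends the literal and the rest is parsed as SQL.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_by_id_vulnerable(conn, user_id):
    # Numeric-type injection: there are no quotes to break out of, so the
    # payload does not even need a quote character.
    sql = "SELECT id, name FROM users WHERE id = " + str(user_id)
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    # Placeholder binding: the value is sent to the engine as data and is never
    # parsed as SQL, whatever characters it contains.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def find_by_id_safe(conn, user_id):
    # Type enforcement plus binding: reject anything that is not an integer.
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return []
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (uid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"                        # string injection: every row
    union = "x' UNION SELECT id, role FROM users--"   # reads a column the page never shows
    print(find_user_vulnerable(db, tautology))
    print(find_user_vulnerable(db, union))
    print(find_by_id_vulnerable(db, "2 OR 1=1"))      # numeric injection, no quotes needed
    print(find_user_safe(db, tautology))               # [] : the quote is just data
    print(find_by_id_safe(db, "2 OR 1=1"))             # [] : not an integer
```

The tautology payload is what a manual test of a string-type point looks like, and the UNION payload is the next step once the column count is known; sqlmap automates exactly this sequence. The safe variants need no blacklist because the value never reaches the SQL parser.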

XSS cross-site scripting attacks

  1. XSS principle

The site neither filters nor encodes user-submitted data, so a crafted JS payload entered in a text box is written back into the page and is then parsed and executed by the browser (reflected, stored or DOM-based, depending on where the data comes back).

  2. Common XSS payloads

"><BODY><"
"><svg /onload=prompt(1)><"
"><IMG SRC="javascript:alert('XSS');"><"
"><img src="" onerror="alert('xss')"><"
"><script>alert(document.cookie)</script><"

Each payload first closes the attribute or tag the input landed in ("> ) and then injects a new element. The javascript: URL in an IMG SRC only fires in very old browsers; the event-handler forms (svg onload, img onerror) are the ones that work today.
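As an added worked example (not code from the original post), the function pair below reflects a search parameter into an HTML attribute, once without encoding and once through html.escape, and runs the payloads from this section through both. The page template and the crude tag tokenizer are assumptions made for the illustration; a real browser is the only authoritative parser, but the tokenizer is enough to show whether the input created new elements.

```python
import html
import re

# Payloads from this section (attribute-breakout style: close the value, then add a tag)
PAYLOADS = [
    '"><svg /onload=prompt(1)><"',
    '"><img src="" onerror="alert(\'xss\')"><"',
    '"><script>alert(document.cookie)</script><"',
]


def render_search_vulnerable(query):
    """Reflects the parameter straight into an attribute value with no encoding."""
    return '<input type="text" name="q" value="' + query + '">'


def render_search_safe(query):
    """html.escape(quote=True) turns & < > " ' into entities, so the value can
    neither close the attribute nor open a new tag."""
    return '<input type="text" name="q" value="' + html.escape(query, quote=True) + '">'


TAG_RE = re.compile(r"<\s*([a-zA-Z][a-zA-Z0-9]*)")


def element_names(markup):
    """Crude tokenizer (assumption for the example): the element names a
    browser would see when parsing the markup."""
    return [m.group(1).lower() for m in TAG_RE.finditer(markup)]


def payload_breaks_out(render, payload):
    """True if rendering the payload produced any element besides the input itself."""
    return any(name != "input" for name in element_names(render(payload)))


if __name__ == "__main__":
    for p in PAYLOADS:
        print("vulnerable:", element_names(render_search_vulnerable(p)))
        print("escaped:   ", element_names(render_search_safe(p)))
```

Encoding is context-specific: entity encoding is right for HTML body and attribute contexts, but a value placed inside a script block or a URL needs JavaScript or URL encoding instead, which is why the same payload list is tried at every place the input is reflected.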

Programming languages

1. Programming ability: Python, Java, algorithms, binary, etc. (I have not learned these yet, so I will not go into them further)

2. ARM assembly (basic instructions, registers, etc.)

WAF bypass

1. Stuff the keyword with % characters (IIS/ASP only, because old ASP discards stray % signs before the query is executed), e.g. select → sel%e%ct

2. MySQL inline comments, e.g. /*!select*/ or union/*!select*/, which remove the whitespace a signature regex expects between keywords

3. Encoding: URL-encode the payload twice if the application decodes its input again after the WAF has decoded it once

4. Multipart bypass: send the POST body as multipart/form-data with a file part added; many WAFs do not parse the parameters inside a multipart body

5. HTTP parameter pollution, e.g. id=1&id=1 union select..., when the WAF checks only the first value and the application uses the last

6. Combine inline comments with the techniques above
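As an added worked example covering items 1, 2, 3 and 5 together (not code from the original post), the code below builds a toy blacklist WAF, feeds it the bypasses listed above, shows what three simulated backends actually execute, and then closes the gap with a normalizing check. The backend behaviours (PHP taking the last repeated parameter, old IIS/ASP discarding stray % signs, an application that URL-decodes twice) are simulated as assumptions for the example, not measurements of any product, and the multipart trick (item 4) is not modelled.

```python
import re
from urllib.parse import parse_qs, unquote

# The only signature our toy WAF knows: UNION SELECT separated by whitespace.
ATTACK = re.compile(r"union\s+select", re.IGNORECASE)
# '%' not followed by two hex digits: what old IIS/ASP is assumed to drop.
IIS_STRAY_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")


def naive_waf_blocks(raw_query):
    """Blacklist WAF as commonly deployed: one URL decode (done by parse_qs),
    only the first value of each parameter, regex match on the result."""
    for values in parse_qs(raw_query, keep_blank_values=True).values():
        if ATTACK.search(values[0]):
            return True
    return False


def backend_param(raw_query, backend):
    """Simulated view of the 'id' parameter as the application executes it.
    'php':    last repeated value, decoded once (assumption for the example)
    'iis':    last value, then stray '%' signs dropped (old ASP quirk, assumed)
    'double': an application that URL-decodes its input a second time"""
    value = parse_qs(raw_query, keep_blank_values=True)["id"][-1]
    if backend == "iis":
        value = unquote(IIS_STRAY_PERCENT.sub("", value))
    elif backend == "double":
        value = unquote(value)
    return value


def normalize(value):
    """Undo the tricks before matching: decode until stable, apply the IIS
    quirk, unwrap MySQL /*! */ comments, drop plain comments, squeeze spaces."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = IIS_STRAY_PERCENT.sub("", value)
    value = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", value, flags=re.S)
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value)


def hardened_waf_blocks(raw_query):
    """Same signature, but every value of every parameter, after normalization."""
    for values in parse_qs(raw_query, keep_blank_values=True).values():
        if any(ATTACK.search(normalize(v)) for v in values):
            return True
    return False


# Constructed bypass requests: (technique, raw query string, backend that makes it work)
BYPASSES = [
    ("percent stuffing (IIS/ASP only)", "id=1+un%i%on+sel%e%ct+1,2", "iis"),
    ("inline comment", "id=1+union/*!select*/1,2", "php"),
    ("double URL encoding", "id=1%2520union%2520select%25201,2", "double"),
    ("parameter pollution", "id=1&id=1+union+select+1,2", "php"),
]

if __name__ == "__main__":
    for technique, raw, backend in BYPASSES:
        print(f"{technique:32} naive blocks={naive_waf_blocks(raw)!s:5} "
              f"hardened blocks={hardened_waf_blocks(raw)!s:5} "
              f"backend executes: {backend_param(raw, backend)!r}")
```

Every bypass works for the same reason: the WAF and the application parse the request differently. The normalizing check simply parses the way the most permissive backend would (decode until stable, drop stray %, unwrap comments, look at all values), which is also why it is more prone to false positives than the naive one.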

Using Kali (Linux)

  • WhatWeb: fingerprinting
  • dirb: directory scanning
  • whois: whois lookup
  • Wireless attack suite (e.g. aircrack-ng)
  • Dictionary generators (e.g. crunch)
  • Brute-force tools (e.g. hydra)

Vulnerability submissions

Domestic and foreign vulnerability disclosure platforms, vendor SRCs (security response centers), etc.

Other strengths

  1. Research on emerging technologies (IoT security, blockchain, artificial intelligence, machine learning, etc.)
  2. Personal blog (original articles), contributed articles, industry contacts, security summits, security research papers, sharing of security issues, etc.
  3. Competitions (CTF, team competitions, etc.), offline training
  4. School experience (awards, individual projects, team activities, student leadership, etc.)
  5. CET-4, CET-6 (College English Test)

Technical books read (Ways to Learn)

“White Hat on Web Security”, “iOS Application Reverse Engineering, 2nd edition”, “Encryption and Decryption, 3rd edition”, “Assembly Language, 2nd edition”, “OWASP MSTG (Mobile Security Testing Guide)”

Questions to ask your interviewer

Q1 The company: size of the information security department, its development direction, etc.

Q2 Job responsibilities and content, business travel, working hours, etc.

Q3 Labor contract (tripartite agreement for interns, formal employment contract), whether the company can handle hukou (household registration) transfer

Q4 Salary (after tax), bonus, stock options, benefits, team activities, etc.

Interview summary

  1. Take notes of the interviewer's questions and your answers
  2. Fill in the gaps: review what you could not answer
  3. Takeaways
  4. Whether you passed, the next interview round, or the onboarding date

If you found this useful, please be generous with a like; in return I will collect network security interview materials and book notes and share them with you for free. Please visit my home page to get them.