Web Security Interview Questions
The goal of this document is to provide appropriate questions for HR/Managers to pose to individuals who are applying for web security-related positions. These questions do not have right or wrong answers; rather, they are meant to spark relevant conversation between the applicant and the hiring staff.
Entry Level Questions
1. What do you see as the most critical and current threats affecting Internet-accessible websites?
Goal of question – To gauge the applicant’s knowledge of current web-related threats. Denial of Service, Brute Force, Buffer Overflows, and Input Validation are all relevant topics. Hopefully they will mention information provided by web security organizations such as the Web Application Security Consortium (WASC) or the Open Web Application Security Project (OWASP).
2. What online resources do you use to keep abreast of web security issues? Can you give an example of a recent web security vulnerability or threat?