Real experience sharing: Alibaba Security Engineer (four sides)

This article will share with you what questions I was asked when I was interviewing for a security position at Alibaba. I experienced a total of one, two, three and HR interviews. Let’s take a look at them together. I hope it will be helpful to friends in need. It’s helpful~

Security Job Interview Series: Alibaba Rookie-Security Engineer

Timeline:

• x Delivery Security Engineer

• x 16 one side

• x 23 two side

• x 32 Three sides

• x 50 HR side

• x 53 Oral intention

• x 56 Formal Intention Email

One side

Duration: 30 minutes

• Self-introduction

• hw’s responsibilities

• hw’s achievements

• Share Interesting case

• What are the differences between hw’s scores and rules every year

• Will you dig loopholes other than hw

• The idea of ​​code audit, the audit process

• Is the code audit based on Java or PHP

• Is java used a lot?

• Java deserialization (differences between fastjson, log4j, and its own deserialization)

• How to repair java fastjson

• Repair of java native deserialization (readObject, writeObject)

• The idea of ​​​​black box penetration testing

• Logical loopholes in retrieving passwords

• Have you ever done anything related to development, writing small tools, etc.

• Understand Alibaba , Rookie?

• Rhetorical question

二面

Duration: 35 minutes

• Self-introduction

• Let me talk about my hw experience this year

• What is the difference between this hw and previous years? , different from previous years, rules, attack methods, etc.

• Opinions on data analysis of the supply chain

• About the code from the perspective of Party A Thoughts on audit

• Opinions on unauthorized vulnerabilities, from a research and development perspective

• Recent security incidents and opinions (chat Spring4shell and log4shell)

• Can you tell me your views on these two (in fact, the interviewer asked about security incidents and opinions, but my answer was inexplicably the principle of the vulnerability. . )

• Northwestern Polytechnical University attack, what do you think about such a thing

• What do you think about the Shanghai data leakage incident

• Talk about your views on the security industry from Party A’s perspective, security measures, security strategies and ideas, etc.

• What are your own requirements in your career plan? , what do you think if you choose to take the rookie as the offer?

• Why didn’t you stay in the internship 3

• Reflective question

Overall, I didn’t ask any technical questions. Most of them were about my views on certain events and issues. The interviewer introduced a lot of Rookie’s operating model, industry, etc., including work routes. The overall interview experience was very good. Good

三面

Duration: 25 minutes

• Introduce yourself

• Introduce internship experience and project experience

• Key points for writing POC, and which products will be written for POC

• Key points for fingerprint identification

• What are the key factors when working on a surveying and mapping engine?

• hw results of internship 3

• Can you achieve this result? What are the key factors

• Talk about internship 3

• Reflective question

## HR interview

• Self-introduction

• Talk about my views on offensive and defensive drills

• Let’s talk about the easiest or most common attack types from the defensive team’s perspective during offensive and defensive drills

• Let’s talk about the level of intention in the workplace

• Rhetorical question

PHP Video Tutorial》《Java Video Tutorial》

The above is the detailed content of Real experience sharing: Alibaba Security Engineer (four sides). For more information, please follow other related articles on the PHP Chinese website!