Home > Common Problem > Real experience sharing: Alibaba Security Engineer (four sides)

Real experience sharing: Alibaba Security Engineer (four sides)

藏色散人
Release: 2023-01-12 14:14:36
forward
2170 people have browsed it

This article will share with you what questions I was asked when I was interviewing for a security position at Alibaba. I experienced a total of one, two, three and HR interviews. Let’s take a look at them together. I hope it will be helpful to friends in need. It’s helpful~

Security Job Interview Series: Alibaba Rookie-Security Engineer

Real experience sharing: Alibaba Security Engineer (four sides)

Timeline:

  • x Delivery Security Engineer

  • x 16 one side

  • x 23 two side

  • x 32 Three sides

  • x 50 HR side

  • x 53 Oral intention

  • x 56 Formal Intention Email

One side

Duration: 30 minutes

  • Self-introduction

  • hw’s responsibilities

  • hw’s achievements

  • Share Interesting case

  • What are the differences between hw’s scores and rules every year

  • Will you dig loopholes other than hw

  • The idea of ​​code audit, the audit process

  • Is the code audit based on Java or PHP

  • Is java used a lot?

  • Java deserialization (differences between fastjson, log4j, and its own deserialization)

  • How to repair java fastjson

  • Repair of java native deserialization (readObject, writeObject)

  • The idea of ​​​​black box penetration testing

  • Logical loopholes in retrieving passwords

  • Have you ever done anything related to development, writing small tools, etc.

  • Understand Alibaba , Rookie?

  • Rhetorical question

二面

Duration: 35 minutes

  • Self-introduction

  • Let me talk about my hw experience this year

  • What is the difference between this hw and previous years? , different from previous years, rules, attack methods, etc.

  • Opinions on data analysis of the supply chain

  • About the code from the perspective of Party A Thoughts on audit

  • Opinions on unauthorized vulnerabilities, from a research and development perspective

  • Recent security incidents and opinions (chat Spring4shell and log4shell)

  • Can you tell me your views on these two (in fact, the interviewer asked about security incidents and opinions, but my answer was inexplicably the principle of the vulnerability. . )

  • Northwestern Polytechnical University attack, what do you think about such a thing

  • What do you think about the Shanghai data leakage incident

  • Talk about your views on the security industry from Party A’s perspective, security measures, security strategies and ideas, etc.

  • What are your own requirements in your career plan? , what do you think if you choose to take the rookie as the offer?

  • Why didn’t you stay in the internship 3

  • Reflective question

Overall, I didn’t ask any technical questions. Most of them were about my views on certain events and issues. The interviewer introduced a lot of Rookie’s operating model, industry, etc., including work routes. The overall interview experience was very good. Good

三面

Duration: 25 minutes

  • Introduce yourself

  • Introduce internship experience and project experience

  • Key points for writing POC, and which products will be written for POC

  • Key points for fingerprint identification

  • What are the key factors when working on a surveying and mapping engine?

  • hw results of internship 3

  • Can you achieve this result? What are the key factors

  • Talk about internship 3

  • Reflective question

## HR interview

Duration: 40 minutes

  • Self-introduction

  • Talk about my views on offensive and defensive drills

  • Let’s talk about the easiest or most common attack types from the defensive team’s perspective during offensive and defensive drills

  • Let’s talk about the level of intention in the workplace

  • Rhetorical question

HR gave a verbal expression of interest 3 days after the interview, and another 3 days later sent a formal letter of intent via email

Recommended study: 《

PHP Video Tutorial》《Java Video Tutorial

The above is the detailed content of Real experience sharing: Alibaba Security Engineer (four sides). For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:nowcoder.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template