
Real experience sharing: Information security engineer of "Du Xiaoman"

青灯夜游
2023-01-12 14:28:16

This article shares the questions I was asked when interviewing for the Information Security Engineer position at Du Xiaoman (Financial Security Department). I went through a first, second, and third interview in total. Let's take a look at them together; I hope this is helpful to anyone who needs it.

Security Job Interview Series: Du Xiaoman - Information Security Engineer - Financial Security Department

Timeline:

  • x: Application submitted

  • x+15: First interview

  • x+15: Second interview

  • x+28: Third interview

  • x+51: HR communication

  • x+83: oc

First interview

Duration: 25 minutes

  • Self-introduction

  • Let’s talk about 0day

  • Have you submitted to any platform?

  • Let’s talk about undergraduate major

  • Have you ever developed a website in Java? What framework did you use?

  • What language is generally used for code audit?

  • What language is used for code audit? Do you need to review the tools first?

  • Dangerous functions of php

  • What tools were used during the audit

  • How to deal with encrypted source code

  • Internship experience of internship 3

  • Performance appraisal of internship 3

  • Why you left your job

  • Internship experience of Internship 2 (Party B, security services)

  • Which projects in Internship 2 left a deep impression on you, or your emergency response experience

  • Experience of Internship 1 (Party A's Blue Team)

  • Tracing experience

  • Do you use Python a lot?

  • Will the POC be audited for 1 day?

  • Your questions for the interviewer

Second interview

Duration: 40 minutes

  • Introduce yourself

  • Which areas of web security are you generally familiar with?

  • Let’s talk about LFI (local file inclusion)

  • Let’s talk about SQL injection (categories)

  • Let’s talk about Boolean blind injection

  • Let’s talk about delayed blind injection

  • In MySQL, besides sleep, what other functions can be used?

  • Database RCE

  • How to read and write files in mysql

  • Do you know about tracing an attacker through MySQL file reading (MySQL honeypot)?

  • Besides xp_cmdshell, is there any other way to execute commands on SQL Server?

  • H2 database RCE

  • Have you paid attention to MySQL 8? What features can be used?

  • Have you ever found SQL injection in frameworks and middleware?

  • The difference between precompilation and parameter binding (precompilation is at the database operation level, parameter binding is at the code level)

  • Experience of Internship 2

  • What did you study about Java expression engines?

  • Internship experience of Internship 3

  • Achievements in the large HW exercise

  • 0day chat

  • How do you approach a Java code audit?

  • How to find unauthorized access vulnerabilities

  • java deserialization principle

  • Various exploitation approaches for the CC chain

  • How to find usable chains in a Java project

  • The specific process of java reflection

  • java dynamic proxy

  • How to use the reflection of log4j

  • How to find an exploitation chain after obtaining the Shiro key

  • Is there anything I didn’t ask about just now?

  • Do you have any plans for your future path in security?

  • Your questions for the interviewer

Third interview

Duration: 40 minutes

  • Introduce yourself

  • Use three words to describe yourself

  • What supports you to achieve some of today’s achievements

  • What did you think when you set out on the path you chose?

  • Plans for your future work

  • Plans for your technology

  • Do you think your curiosity is strong?

  • The most regretful thing and the most fulfilling thing in the past 20 years

  • How do you view the two sayings "things depend on people" and "things depend on people, and things depend on heaven"?

  • How do you view doing things step by step? Do you think this is the best solution to a matter?

  • Have you ever done anything illegal

  • Have you ever made a promise to others and then failed to keep it

  • What would you do if your team was at a competitive disadvantage

  • What would you do if someone in the team was the type you disliked

  • What would you do if there are things or tasks you don’t want to do?

  • When you accept a brand new task, how would you evaluate the difficulty of the task

  • Has the company where you interned before made an offer?

  • Your questions for the interviewer

During the HR communication, HR asked about my level of interest in Du Xiaoman and the offers I had in hand, and salary was discussed in the middle-to-late stage; it does not count as an interview.


Statement:
This article is reproduced from 牛客网 (Nowcoder). If there is any infringement, please contact admin@php.cn to have it deleted.