Below are some of the common questions asked in interviews for web application pentesters or VAPT roles.
- What is the last vulnerability you have found?
- Which category of the OWASP Top 10 (2021) does privilege escalation fall under?
- If I gave you example.com for performing a web app pentest, what would your methodology be?
- Can SQL injection occur via the Referer header?
- How do you prevent Android apps from being decompiled?
- How do you prevent DoS and DDoS attacks?
- What is the difference between DoS and DDoS?
- What is the difference between Information Security and Cybersecurity?
- What does the Referer header do?
- What is the difference between black box, gray box and white box testing?
- Do you follow any methodology for source code review?
- What tools have you used for source code reviews?
- How do you mitigate CSRF vulnerabilities?
- What methods would you suggest to prevent XSS vulnerabilities?