Common Web Application Security Interview Questions (VAPT)

jowin922
Jan 27, 2023


Below are some of the common questions asked in interviews for web app pentesters or VAPT.

  1. What is the last vulnerability you have found?
  2. Which part of OWASP 2021 does privilege escalation fall under?
  3. If I gave you example.com for performing a web app pentest, what would your methodology be?
  4. Can SQL injection occur in the Referer header?
  5. How do you prevent Android apps from being decompiled?
  6. How do you prevent DoS and DDoS attacks?
  7. What is the difference between DoS and DDoS?
  8. What is the difference between Information Security and Cybersecurity?
  9. What does the Referer header do?
  10. What is the difference between black box, gray box and white box testing?
  11. Do you follow any methodology for source code review?
  12. What tools have you used for source code reviews?
  13. How do you mitigate CSRF vulnerabilities?
  14. What methods would you suggest to prevent XSS vulnerabilities?
