Friday, December 17, 2021

Pentest interview

First: phone interview and questions

Port numbers, SQL injection attack/remediation, CSRF, XSS, DMZ identification, network pivoting, common exploits, OSI layers, differences between TCP and UDP, phases of IPsec, phases of SSH negotiation, breaking the logic of session cookies.

Technical assessment: a web app that had a couple of vulns

Onion Style tests!

Third phase: face-to-face presentation of the report to the stakeholders

General talk with the directors and managers

Hard and frustrating