Secure Coding mailing list archives
Questions asked on job interview for application security/penetration testing job
From: mparsons1980 at gmail.com (Matt Parsons)
Date: Sun, 22 Mar 2009 14:46:13 -0500
Here are the answers that I was given for the following questions by a non-technical recruiter.

1. What are the security functions of SSL?
   Encryption and authentication

2. What is a 0 by 90 bytes error.
   Buffer overflow.

3. What is a digital signature, Not what it is?
   The sender's message is encrypted with a sender's private key and attached like a signature to an encrypted message to ensure that the person is who he claims to be. The recipient uses the sender's public key to decrypt the signature.

4. What is the problem of having a predictable sequence of bits in TCP/IP?
   TCP/IP session hijacking. I also thought it was man in the middle attack.

5. What is heap memory?
   A heap memory pool is an internal memory pool created at start-up that tasks use to dynamically allocate memory as needed.

6. What is a system call?
   Call from the operating system.

7. What is two factor authentication?
   Use of something you know, something you have, something you are.

Thanks
Matt Parsons

Matt Parsons, CISSP

From: Matt Parsons [mailto:mparsons1980 at gmail.com]
Sent: Saturday, March 21, 2009 4:44 PM
To: 'Secure Code Mailing List'
Subject: RE: Questions asked on job interview for application security/penetration testing job

Ladies and gentlemen,

I was asked the following questions on a job phone interview and wondered what the proper answers were. I was told their answers after the interview. I was also told that the answers to these questions were one or two words. In the beginning of next week I will post what they told me were the proper answers. Any references would be greatly appreciated.

1. What are the security functions of SSL?
2. What is a 0 by 90 bytes error.
3. What is a digital signature, Not what it is?
4. What is the problem of having a predictable sequence of bits in TCP/IP?
5. What is heap memory?
6. What is a system call?
7. What is two factor authentication?
Thanks
Matt

Matt Parsons, CISSP
Parsons Software Security Consulting, LLC