2018 Spring Recruitment for Mobile Security

  From submitting resumes in March to getting the offer, the spring recruitment, which lasted more than a month, is basically over. Since I could not find much shared experience on mobile security on the Internet, I wrote this article in the hope that it will be helpful to others.

  Tencent

  The first interview call I received was from Tencent. In the first interview, the interviewer sounded very young. The security questions were mainly about my understanding of vulnerabilities in apps and how to detect whether an app has vulnerabilities. If I were asked to test Taobao, how would I do it? Because I only answered how to test at that time, the interviewer kept asking what else should be done besides testing..... Then he asked about my understanding of some HTTP header parameters, what X-Forwarded-For is and how to prevent it. Then he asked me how well I had learned data structures. To be honest, I was quite confused at the time, because I had read other people's security interview experiences before, and they were not asked about data structures and computer networks (probably because there is nothing in my resume?). Fortunately, on data structures, he only asked about binary trees and some search questions, and these I happened to have forgotten... Finally, the interviewer asked me to talk about two recent big events in the security circle.. Emmm, I did not understand..

  I thought I had basically failed the first interview, but I didn't expect to be let into the second one. In the second interview, the interviewer's voice carried a sense of majesty, and the interview was very stressful. He asked about my project experience. Maybe because the project was too simple, the interviewer had no interest in asking further. After that, he stopped asking technical questions and instead asked some general questions, such as how I usually learn, what my advantages are compared with others, why I want to join Tencent, etc.

  After a few days, I saw on the official account that "this position is not suitable for you"... It was over... I feel that I was still not fully prepared for Tencent, and the early-approval opportunity was wasted. Tencent's written test has few questions about mobile security, only a few compilation questions, so I feel that Tencent's early-approval round is still very important, and I hope you make good use of it.

  Green League (NSFOCUS)

  In fact, the NetEase and Green League interviews were interleaved, but because the Green League gave the offer first, let's talk about the Green League first.

  I applied for NSFOCUS's penetration testing intern position on BOSS Direct Employment. In fact, I was still very uncertain before I applied. After all, I have little exposure to penetration testing. If I do this in the future, I will definitely have to learn from scratch. In the first interview, I was asked about the TCP three-way handshake, the seven-layer model of computer networks, the five-layer model, how ptrace implements injection, the red-black tree, which encryption algorithms I know, whether base64 is an encryption algorithm, how to generate large prime numbers when using the RSA encryption algorithm, and other basic questions. After going round and round, in the end they still asked about the principle and prevention of SQL injection in the web.

  The interviewer in the second interview was the technical director. The first question was how to carry out a testing task given by a vendor. At that time, my thinking had not shifted.. I kept answering how to test the app, and the interviewer kept guiding me toward answering that not only the app but also the server should be tested... The rest of the questions were mainly about personal qualities and learning ability.

  What I didn't expect was that there was no HR interview. Maybe the technical director asked all the HR questions hahaha. After a while, HR directly told me that I was accepted, but because I chose Jinan as my work place.. the salary is low...

NetEase

  Applying to NetEase was a whim one night.. I found an internal referral code on Zhihu and applied for NetEase's mobile security intern position. Maybe this is fate...

  Most of the multiple-choice questions in the written test for NetEase's position are programming questions and Android development questions. There are three programming questions. The first question is about game reverse engineering and how to protect against it, and the second is about the Alipay clone vulnerability.

  NetEase's interviews are held offline, usually two rounds of technical interviews and one HR interview, and these three rounds are completed within one day. Because the maximum reimbursement is only 600 yuan, the high-speed rail was really unaffordable, and I could only choose to take the 22-hour train to Hangzhou. Because of the previous interviews with NSFOCUS and Tencent, I probably knew what I might be asked, and went through data structures, computer networks, and operating systems again on the train.

  I arrived at the interview place an hour early. What I didn't expect was that the interviewer also came early. The interview was originally scheduled to start at 1:30. When I introduced myself, the interviewer looked at the resume for a little while, and then asked me to introduce the project. After that, he asked which of the technologies I had learned I had studied in the most depth, and then we talked about shelling. Because my resume listed being a winner of the information security triathlon individual competition, he asked about the competition experience, whether I have any understanding of game reverse engineering, etc. Of the second interview's questions, I probably only remember the following. On data structures, he asked about Shell sort and how to determine whether a singly linked list contains a cycle. On computer networks, he asked about the difference between TCP and UDP and had me describe the TCP three-way handshake. On operating systems, he asked about the difference between a process and a thread and how to control access when multiple threads use the same resource. On the reverse engineering side, he asked how to protect a program's dex and so files.

  Because I had never had an HR interview before, I searched the Internet for questions that HR might ask after learning that I still had an HR interview to go. At that time, maybe because other people were in a hurry, my HR interview kept being pushed back, and I hadn't slept well on the train. I was about to fall asleep while waiting, so I could only keep walking around to stop myself from falling asleep....hahh. A small part of the questions asked during the HR interview were ones I had seen on the Internet, such as whether I had ever had a different opinion from a teacher or other people while studying. Because I had already thought about how to answer while I was waiting, the answers went okay.

Finally

  The process of waiting for the news is always torturous. Fortunately, I received a verbal offer from HR at noon yesterday. The round trip to Hangzhou took more than 40 hours by train, and I was physically and mentally exhausted. Having got the offer from NetEase, I planned to turn down the interviews with other companies.....

  If you want to join Didi, you can play DDCTF. Judging from the competitions of the past two years, Didi still attaches great importance to mobile security. This year's competition deliberately split Android out as a separate category, and this year's top 30 all have offers. There is still a good chance. Finally, I hope everyone can get their favorite offer~

