From internship to autumn recruitment: what I experienced on the way to becoming a security engineer

Foreword

I have written up this account of security recruitment interviews from what my friends dictated to me. I hope more people will read this article, get inspiration from it, and find the job they want.

Basic situation

I have signed the three-party agreement with Byte, and autumn recruitment has finally come to an end. I have gone through a lot since I started preparing for autumn recruitment while doing an internship in August. This post summarizes the efforts of the past few months.

I am an ordinary undergraduate majoring in cyberspace security. I have not participated in any competitions and have no papers. The main reason is that my university years were really a bit messy, and I didn't want to participate in competitions. Don't learn from me. Competition experience adds weight to your abilities and your resume, and it also wins you the interviewer's favor during the interview. So if you have the ability, you should participate in more competitions, such as CTF competitions, net protection operations, etc.

When I went out for an internship in my junior year, I found a security penetration testing job. After a period of internship, I had some experience, haha. During the internship, no one waited for you, and the project manager directly gave orders to study intensively for eight hours a day. I had poor self-discipline and didn't know where to start, so I signed up for a class and then worked for a few more months. It was a small personal workshop, and I thought I would go to a bigger company to take a look, so I resigned and started preparing for autumn recruitment.

Autumn recruitment preparation

I first applied to some early-approval rounds and some small companies as preparation for autumn recruitment.

After that, I summed up the interview knowledge points alongside the internship, and also summed up my experience over the continuous interviews, checking for omissions and filling in the gaps. In the end I had about 20,000 words of notes, and those who need them can get them at the end of the article.

Autumn recruitment applications and summary

I cast a wide net and applied to basically every company with security positions. They fall mainly into two directions, internet companies and finance, securities and banks, all of which are Party A companies. I did not apply to security Party B companies.

Early approval generally starts in August, and formal approval in September.

The results are sorted by offer, HR interview, and pending.

First interview

  • Self-introduction

  • What does the HTTPS protocol add on top of HTTP?

  • The handshake process of the TLS protocol?

  • After the third step is sent, how does the client know that the other party has successfully decrypted it?

  • The process of TCP three-way handshake

  • Principles and Defenses of SQL Injection

  • A more complicated SQL query statement?

Second interview

  • Introduce the principle of SSRF vulnerability?

  • How to use SSRF for privilege escalation? Get a shell?

  • The process of finding the XSS vulnerability in CSDN?

  • How does SQL injection work?

  • What are the current ways to defend against SQL injection?

  • Which SQL statements cannot be precompiled?

  • How does SQL injection determine the injection point?

  • Given example.com/?id=1 and that the database is MySQL, how do you get the MySQL version?

  • What to do when there is no echo? Out-of-band via ceye / dnslog

  • What about out-of-band?

  • The principle of CSRF?

  • How is CSRF carried out when the request is a POST? A hidden form

  • And if it is not a form?

  • If you were asked to write a CSRF attack plug-in, how would you write it? What modules would it include?

  • The principle of SSRF?

  • If you were asked to write an SSRF plug-in, how would you write it?

## Autumn Recruitment Summary

1. Be sure to apply as early as possible!!! Be sure to apply early!!! Be sure to apply early!!! Important things get said three times. Some large companies began early approval in July. Early approval not only lets you skip the written test, it also gives you an additional interview opportunity to accumulate experience. There is usually a lot of headcount (HC) in the early round. Moreover, some companies do not have a unified ranking evaluation, but interview candidates one by one. So be sure to apply widely.

2. Questions security engineers should prepare for interviews. After interviewing with so many companies, I found that security engineer posts are in fact not like some development posts, where the rote questions go very deep (security development excepted).

You only need a firm grasp of basic knowledge such as computer networks, operating systems, and databases. Pay more attention to security knowledge, especially anything related to vulnerabilities. You must be familiar with the principles, detection methods and repair methods of the various vulnerabilities. Hands-on experience in a real environment is also very important. Whether it is an internship, HW, or your usual practice on target machines, you must have at least one.

In addition, if your security knowledge is comprehensive, including but not limited to penetration testing, mobile security, intranet penetration, SDL construction, reverse engineering, etc., you will get extra points during the interview, even though you may only work in one of these directions afterwards. Also, security engineer interviews do not test hand-written algorithms particularly deeply. The questions are very basic, and some companies do not even have a hand-written coding round, so don't worry too much about it.

3. After each interview, summarize the questions from that interview. It is best to make notes that sum up the knowledge points. After more interviews, you will feel like a fish in water.

4. Keep a good attitude. It is normal to be rejected at the resume screen or in an interview, especially in the first few interviews. The reason for a rejection is not necessarily entirely your problem. It may be that the position is not a good match, or that even though you are excellent, there is little HC and there are people who are better than you.



Origin blog.csdn.net/yinjiyufei/article/details/131021435