2023 campus-recruitment interview questions (with answers) from Sangfor, Qi Anxin, 360 and other major network security companies, to make your interview easy and stress-free!

Foreword

Material on network security campus-recruitment interviews is either very scattered or incomplete in quality. In view of this, I have compiled the following interview questions and answers for network security engineers to help you get started with network security. The laboratory also wants to contribute to network security in the current environment. Drawing on my technical experience, I sorted out the questions that beginners are frequently asked in interviews. The answer part will be one article or several articles, which I read carefully. It took half a year to sort out the most comprehensive analysis of network security campus-recruitment interview questions on the market.

It includes questions asked in interviews at first-tier Internet companies such as Tencent, ByteDance, Ali, Qi Anxin, 360, Sangfor, and JD.com, to help everyone get an offer successfully!

Penetration testing

Why does a site backed by a MySQL database have only port 80 open?
For a mature and relatively secure CMS, what is the point of scanning directories during a penetration test?
When you see an editor on a back-end news editing page, what should you do first?
What is the point of using Inspect Element on an upload point?
What is the difference between CSRF, XSS, and XXE, and how are they fixed?
During a penetration test, what is the value to us of collecting the email address of the target site's registrant?
What is the difference between CSRF, SSRF, and replay attacks?
How many types of SQL injection are there?
What is blind injection? How is it done?
Which logs need to be cleared after hacking a Linux server?
Why does an aspx trojan have greater privileges than an asp one?
Given a website, how do you conduct penetration testing?
What is the principle of SQL injection in the penetration testing process?
How do you implement SQL injection defense?
With sqlmap, how do you inject into an injection point?
What is the significance for penetration testing of identifying the website's CMS?
Where the administrator password is changed in the back end, the original password is displayed as *. How do you think this user's password could be read out?
...

Web security

Describe a vulnerability-hunting experience (or CTF experience) that you found interesting
Causes of CSRF and defense measures (how to solve it without a token)
How does SSRF detect non-HTTP protocols?
Briefly describe the SSRF bypass method
Causes of SSRF and defense measures
Briefly describe the principle of the DNS rebinding bypass in SSRF and how to fix it
How do you write a shell through SQL injection, and what are the prerequisites for writing a shell?
Describe the types of XSS vulnerabilities. What is the difference between DOM-based XSS and reflected XSS?
How do you prevent XSS vulnerabilities? What is done on the front end, what is done on the back end, which is the better place, and why?
Describe the logic flaws that may be involved in password recovery.
What problems may arise during the OAuth authentication process, and what kind of vulnerabilities may result?
Describe the causes of SQL injection vulnerabilities and how to prevent them. What are the injection methods? Besides dumping database data, what other ways are there to exploit it?

Linux-related

Briefly describe the concept of a daemon process, how to generate a daemon process? (★)
What is the principle of the ssh soft link backdoor, and can other backdoors be constructed through this principle?
What are the security operation and maintenance operations of Linux servers? How to secure SSH?
What logs do I need to clear after hacking a Linux server?
What are the common commands for a reverse shell? Which kind of shell is usually sent back, and why?
At the host level, how do you monitor for reverse shells?
What are the types of rootkits, and how to protect and detect different types of rootkits?
What is the principle of fork in Linux, and will the child process copy the resource status of the parent process?
What are the ways to implement HOOK at the R3 layer, and what are the HOOKs at the R0 layer?
Assuming that a Linux machine has command auditing (the method is unknown), what are the possible bypass methods?
What are the common methods of privilege escalation in Linux?

Java security

How does MyBatis prevent SQL injection attacks?
What is a ClassLoader? What is the prerequisite for loading a custom ClassLoader?
The principle of Redis unauthorized access
PHP/Java deserialization vulnerabilities?
Some ways for Java to prevent SQL injection
Have you studied memory shells (in-memory webshells)?
...

Computer networks

The difference between HTTP and HTTPS
Symmetric encryption and asymmetric encryption
Three-way handshake and four-way teardown
Why does a TCP connection need a three-way handshake? Could it be done with two, and why?
How does the TCP protocol ensure the reliability of transmission?
What happens if the client keeps requesting connections? A DDoS (Distributed Denial of Service) attack?
The difference between GET and POST
The difference between TCP and UDP
TCP congestion handling
...

How to Get Started Learning Cyber Security

Getting started from scratch

For students who have never been exposed to network security, we have prepared a detailed learning and growth roadmap. It can be said to be the most scientific and systematic learning route, and anyone can follow this general direction without problems.

At the same time, there are supporting videos for each section corresponding to the growth route:

Due to limited space, only part of the information is shown, you need to click the link below to get it

CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing

Video supporting materials & domestic and foreign network security books, documents & tools

Of course, in addition to the supporting videos, various documents, books, materials & tools have also been sorted out for you, and they have been classified for you.

Origin blog.csdn.net/Python_0011/article/details/130739865