Applications Security Specialist Interview Questions | Glassdoor

Applications security specialist interview questions shared by candidates

Top Interview Questions

I was asked to explain the difference between Insufficient Authentication and Insufficient Authorization. In the process, I managed to confuse the person asking the question by giving obscure examples.

1 Answer

Insufficient Authentication - Being able to perform a functionality or view information that should not be viewable to an unauthenticated user. Insufficient Authorization - Being able to perform a functionality or view information that should not be viewable to a user of your privilege level (ex: being able to perform administrator functionality as a regular user) or by any user other than you (ex: being able to view another user's account information).
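
The distinction drawn in the answer above, as an added example that is not part of the original answer: an access decision that separates the authentication check (401) from the two authorization checks (403 for privilege level and for ownership), next to a weak variant that stops after authentication. The user names, roles, action names and the `decide`/`decide_weak`/`audit` helpers are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy: action names and roles are hypothetical.
ADMIN_ONLY = {"delete_user"}    # privilege-level restriction
OWNER_ONLY = {"view_account"}   # per-user (ownership) restriction

@dataclass
class Session:
    user: str
    role: str  # "user" or "admin"

def decide_weak(session: Optional[Session], action: str, owner: str) -> int:
    """Only checks that someone is logged in: authentication, no authorization."""
    if session is None:
        return 401
    return 200

def decide(session: Optional[Session], action: str, owner: str) -> int:
    """Return the HTTP status a handler should send for this request."""
    # Authentication: is there a verified identity at all?
    if session is None:
        return 401
    # Authorization, privilege level: may this role run the action?
    if action in ADMIN_ONLY and session.role != "admin":
        return 403
    # Authorization, ownership: does the record belong to the caller?
    if action in OWNER_ONLY and session.user != owner:
        return 403
    return 200

def audit(decider):
    """Run the cases named in the answer and return the status for each."""
    alice = Session("alice", "user")
    return {
        "anonymous views alice's account": decider(None, "view_account", "alice"),
        "alice runs admin function": decider(alice, "delete_user", "bob"),
        "alice views bob's account": decider(alice, "view_account", "bob"),
        "alice views own account": decider(alice, "view_account", "alice"),
    }

if __name__ == "__main__":
    for name, fn in (("weak", decide_weak), ("full", decide)):
        print(name, audit(fn))
```

The weak variant rejects the anonymous request but returns 200 for both of the logged-in cases that the full check rejects with 403, which is the insufficient-authorization condition.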

Given this snippet of code, assuming that from where you injected your inputs on the URL, this is the landing space in an attribute, explain to us how you would obfuscate past their filter and successfully demonstrate that the page is vulnerable to Cross Site Scripting.

One of them asked who my favorite football team was. I don't even watch football.

They give you different variations on using cross-site scripting. None of them were too difficult and they gave me some hints. If you have a lot of experience in this it should be fairly easy.