Secure Coding mailing list archives

Questions asked on job interview for application security/penetration testing job

From: mparsons1980 at gmail.com (Matt Parsons)
Date: Sun, 22 Mar 2009 14:46:13 -0500

Here are the answers that I was given for the following questions by a
non-technical recruiter.    

 

 

1.  What are the security functions of SSL?  Encryption and authentication 

2.  What is a 0 by 90 bytes error. Buffer over flow. 

3.  What is a digital signature, Not what it is?  The senders message is
encrypted with a sender's private key and attached like a signature to an
encrypted message to ensure that the person is who he claims to be. The
recipient uses the sender's public key to decrypt the signature.

4.  What is the problem of having a predictable sequence of bits in TCP/IP?
TCP/IP session hijacking  I also thought it was man in the middle attack.  

5.  What is heap memory? A heap memory pool is an internal memory pool
created at start-up that tasks use to dynamically allocate memory as needed.

6.  What is a system call?  Call from the operating system.     

7.  what is two factor authentication?  Use of something you know, something
you have, something you are.   

 

Thanks

Matt Parsons 

Matt Parsons, CISSP

 

 

 

 

From: Matt Parsons [mailto:mparsons1980 at gmail.com] 
Sent: Saturday, March 21, 2009 4:44 PM
To: 'Secure Code Mailing List'
Subject: RE: Questions asked on job interview for application
security/penetration testing job

 

Ladies and gentlemen,

I was asked the following questions on a job phone interview and wondered
what the proper answers were.   I was told their answers after the
interview. I was also told that the answers to these questions were one or
two word words.  In the beginning of next week I will post what they told me
were the proper answers.   Any references would be greatly appreciated.  

 

 

1.  What are the security functions of SSL?

2.  What is a 0 by 90 bytes error.

3.  What is a digital signature, Not what it is?  

4.  What is the problem of having a predictable sequence of bits in TCP/IP?

5.  What is heap memory?

6.  What is a system call?  

7.  what is two factor authentication?  

 

 

 

 

Thanks

Matt 



 

Matt Parsons, CISSP

Parsons Software Security Consulting, LLC

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20090322/562e3c15/attachment.html

Current thread:

Questions asked on job interview for application security/penetration testing job Matt Parsons (Mar 21)
- Questions asked on job interview for application security/penetration testing job Arian J. Evans (Mar 22)
- <Possible follow-ups>
- Questions asked on job interview for application security/penetration testing job Matt Parsons (Mar 22)