security-prince / Application Security Engineer Interview Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer.
Stars: ✭ 267
Projects that are alternatives of or similar to Application Security Engineer Interview Questions
Resources-for-Application-Security
Some good resources for getting started with application security
Stars: ✭ 97 (-63.67%)
Mutual labels: infosec, application-security, appsec, websecurity
reconmap
Vulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (-9.36%)
Mutual labels: vulnerability, infosec, devsecops
PastebinMarkdownXSS
XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-68.54%)
Mutual labels: xss, vulnerability, infosec
Rfi Lfi Payload List
🎯 RFI/LFI Payload List
Stars: ✭ 202 (-24.34%)
Mutual labels: appsec, application-security, websecurity
Faraday
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+1097.75%)
Mutual labels: infosec, vulnerability, devsecops
Purify
All-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (-73.03%)
Mutual labels: infosec, devsecops, appsec
Holisticinfosec For Webdevelopers Fascicle0
📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚
Stars: ✭ 37 (-86.14%)
Mutual labels: infosec, devsecops, websecurity
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (-29.96%)
Mutual labels: infosec, devsecops, appsec
nerdbug
Full Nuclei automation script with logic explanation.
Stars: ✭ 153 (-42.7%)
Mutual labels: application-security, appsec
Damn-Vulnerable-Bank
Damn Vulnerable Bank is designed to be an intentionally vulnerable Android application. This provides an interface to assess your Android application security hacking skills.
Stars: ✭ 379 (+41.95%)
Mutual labels: infosec, application-security
APSoft-Web-Scanner-v2
Powerful dork searcher and vulnerability scanner for the Windows platform
Stars: ✭ 96 (-64.04%)
Mutual labels: xss, vulnerability
sqlinjection-training-app
A simple PHP application to learn SQL Injection detection and exploitation techniques.
Stars: ✭ 56 (-79.03%)
Mutual labels: application-security, appsec
awesome-policy-as-code
A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (-54.68%)
Mutual labels: appsec, devsecops
vimana-framework
Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Stars: ✭ 47 (-82.4%)
Mutual labels: application-security, devsecops
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+2721.35%)
Mutual labels: application-security, appsec
wasec
Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.
Stars: ✭ 74 (-72.28%)
Mutual labels: xss, websecurity
gha-setup-scancentral-client
GitHub Action to set up Fortify ScanCentral Client
Stars: ✭ 15 (-94.38%)
Mutual labels: application-security, appsec
Updated post at https://ishaqmohammed.me/posts/application-security-engineer-interview-questions/
Application Security Engineer Interview Questions
Some of the questions/topics which I was asked when I was giving interviews for Application/Product Security Engineering roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer. I tried to include the reference resource for some of the questions/topics, feel free to reach out to me on Twitter for any feedback/suggestions/discussions.
Further readings and references: