
Security Interview Questions

Joseph Marques

Joined: May 01, 2005
Posts: 12
What are some of the more interesting questions regarding security that you've either heard asked in an interview or that you've asked during an interview?
Ramesh Nagappan
Ranch Hand

Joined: May 06, 2003
Posts: 159
These are not evil questions... I wish you don't want to sacrifice security... if you are hiring a security professional :-)

Here are my quick five questions on general application security:

1. Identify the fundamental security principles (at least 5) to fortify an application from potential risks and vulnerabilities.

2. How do you identify and mitigate application security risks? How do you make trade-offs?

3. What is a security pattern? Why does it have to be considered in application development?

4. Discuss the differences between black-box and white-box security testing.

5. How do you perform a proactive security assessment and a reality check before deploying the application?

If you would like to know the answers... I would suggest reading the free sample chapter made available on the book's website.

Here are my quick five interview questions on J2EE application security:

1. How do you guarantee the integrity and privacy of data and communication against a Man-in-the-Middle attack? What are the J2EE security options?

2. How do you implement a secure logging process which ensures confidentiality and tamper-proofing?

3. What are the security strategies available to protect access to a Java object passed between J2EE tiers?

4. In J2EE Web services, how do you restrict all direct access to a SOAP endpoint and its WSDL?

5. How do you incorporate a multi-factor authentication process (Password + Smartcard + Biometrics) in J2EE applications?
[ January 10, 2006: Message edited by: Ramesh Nagappan ]

Ramesh Nagappan CISSP
Co-Author of "Core Security Patterns"
sanker san
Ranch Hand

Joined: Dec 17, 2004
Posts: 56
Found a bunch of security-related questions here

Java security interview questions and answers