Home >Common Problem >Real experience sharing: Alibaba Security Engineer (four sides)

Real experience sharing: Alibaba Security Engineer (four sides)

藏色散人
藏色散人forward
2023-01-12 14:14:362194browse

This article will share with you what questions I was asked when I was interviewing for a security position at Alibaba. I experienced a total of one, two, three and HR interviews. Let’s take a look at them together. I hope it will be helpful to friends in need. It’s helpful~

Security Job Interview Series: Alibaba Rookie-Security Engineer

Real experience sharing: Alibaba Security Engineer (four sides)

Timeline:

  • x Delivery Security Engineer

  • x 16 one side

  • x 23 two side

  • x 32 Three sides

  • x 50 HR side

  • x 53 Oral intention

  • x 56 Formal Intention Email

One side

Duration: 30 minutes

  • Self-introduction

  • hw’s responsibilities

  • hw’s achievements

  • Share Interesting case

  • What are the differences between hw’s scores and rules every year

  • Will you dig loopholes other than hw

  • The idea of ​​code audit, the audit process

  • Is the code audit based on Java or PHP

  • Is java used a lot?

  • Java deserialization (differences between fastjson, log4j, and its own deserialization)

  • How to repair java fastjson

  • Repair of java native deserialization (readObject, writeObject)

  • The idea of ​​​​black box penetration testing

  • Logical loopholes in retrieving passwords

  • Have you ever done anything related to development, writing small tools, etc.

  • Understand Alibaba , Rookie?

  • Rhetorical question

二面

Duration: 35 minutes

  • Self-introduction

  • Let me talk about my hw experience this year

  • What is the difference between this hw and previous years? , different from previous years, rules, attack methods, etc.

  • Opinions on data analysis of the supply chain

  • About the code from the perspective of Party A Thoughts on audit

  • Opinions on unauthorized vulnerabilities, from a research and development perspective

  • Recent security incidents and opinions (chat Spring4shell and log4shell)

  • Can you tell me your views on these two (in fact, the interviewer asked about security incidents and opinions, but my answer was inexplicably the principle of the vulnerability. . )

  • Northwestern Polytechnical University attack, what do you think about such a thing

  • What do you think about the Shanghai data leakage incident

  • Talk about your views on the security industry from Party A’s perspective, security measures, security strategies and ideas, etc.

  • What are your own requirements in your career plan? , what do you think if you choose to take the rookie as the offer?

  • Why didn’t you stay in the internship 3

  • Reflective question

Overall, I didn’t ask any technical questions. Most of them were about my views on certain events and issues. The interviewer introduced a lot of Rookie’s operating model, industry, etc., including work routes. The overall interview experience was very good. Good

三面

Duration: 25 minutes

  • Introduce yourself

  • Introduce internship experience and project experience

  • Key points for writing POC, and which products will be written for POC

  • Key points for fingerprint identification

  • What are the key factors when working on a surveying and mapping engine?

  • hw results of internship 3

  • Can you achieve this result? What are the key factors

  • Talk about internship 3

  • Reflective question

## HR interview

Duration: 40 minutes

  • Self-introduction

  • Talk about my views on offensive and defensive drills

  • Let’s talk about the easiest or most common attack types from the defensive team’s perspective during offensive and defensive drills

  • Let’s talk about the level of intention in the workplace

  • Rhetorical question

HR gave a verbal expression of interest 3 days after the interview, and another 3 days later sent a formal letter of intent via email

Recommended study: 《

PHP Video Tutorial》《Java Video Tutorial

The above is the detailed content of Real experience sharing: Alibaba Security Engineer (four sides). For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:nowcoder.com. If there is any infringement, please contact admin@php.cn delete