Interview questions of a blue team of Beijing Information Protection Network

Recently, I participated in the of a letter 2022 Blue guard interview , I feel there is a big gap between the safety clothing work and the net protection blue team . Many of the questions raised by the interviewer are half solved . Today, I will sort out the topic of net protection , It's convenient for me to take the time to repeat and summarize the special problems .

Sort out the questions as follows ：

1. Introduce yourself , Master skills and direction , Job content

2. common web Know what vulnerabilities

3. What are the functions of error reporting injection

4.updatexml What is the error reporting principle ;floor What is the principle of function error reporting

5. What is the principle of secondary injection ; What is the principle of Stack Injection ;

6. How to prevent sql Inject ;sql Injection disposal methods and repair suggestions

7.CSRF Vulnerability principle and repair method

8. common web Bug fixes ; What other bug fixes do you know

9. common web What is middleware

10. Let me talk about it. weblogic What are they? CVE

11.fastjson Loophole principle

12.shiro Principle of deserialization vulnerability , How to determine shiro frame ？

13. What other frameworks do you know ？ What are the vulnerabilities of the framework ？ How to repair ？

14.thinkphp There are some loopholes in the framework

15. What emergency experience do you have ？ What are the emergency ideas ？

16. Flow analysis method ? Flow analysis ideas ？

17. See that the traffic log has scanning behavior , How to determine the authenticity of the source ip Address ？

18. How many domain contacts ？ How much do you know about intranet ？

19. Talk about an intranet idea 、 Experience

20. Have you ever taken an emergency environment

21.OWASP TOP10 What are they? ？

22. XXE Is it right? TOP10？

23. What are the loophole shooting ranges ？

Probably remember so much , Others can't remember clearly .

Overall process ： Call and make an appointment , Join Tencent Conference , Two interviewers met me alone , From the above answers, extend and expand , The total interview time is nearly half an hour . I'm a big girl. I got on the car head once , A little nervous , Many problems touch the blind spot of knowledge , The question is quite elaborate , An uncertainty can determine my level .....

summary

Originally, my personal expectation was that I prefer how to fight when I encounter loopholes , But the interview questions are more inclined to the underlying principles and repair methods ; Personal work tends to penetrate 、 Missing cleaning and other clothing work , The safety net is more inclined to emergency 、 Flow analysis and traceability methods . As for the blue team work, I personally think it is to look at the flow equipment to study and judge the alarm content , But two interviewers asked how to do domain and Intranet ........( Waldfa )

Some helplessness , But I also gained a lot of knowledge and experience , Now I have time to repeat the above framework , Although it has been done before, but the answer is not complete, it still shows that there are problems , There is still room for improvement .

The result of this interview is temporarily unknown , If successful, make persistent efforts , If you fail, learn from your experience , Keep an ordinary heart . The road of network security is blocked and long , Heroes work harder .