Q1
Walk me through how you would perform SQL injection testing on a web application. What tools would you use, and how would you differentiate between time-based blind SQL injection and error-based injection?
Why they ask this:* They're assessing your hands-on knowledge of a critical vulnerability class, your ability to select appropriate tools, and your understanding of exploitation techniques at a mid-level depth.
Q2
Describe your experience with Active Directory enumeration and lateral movement. What techniques and tools (e.g., BloodHound, Mimikatz, Kerberoasting) have you used to identify privilege escalation paths?
Why they ask this:* Mid-level penetration testers must understand post-exploitation in Windows environments and the attack chains used against enterprise infrastructure—this is a core competency for the role.
Q3
How do you approach testing APIs for security vulnerabilities? What are the key differences between testing RESTful APIs and GraphQL endpoints, and what authentication bypass techniques have you encountered?
Why they ask this:* Modern applications rely heavily on APIs; they want to know if you can identify authorization flaws, rate-limiting bypasses, and data exposure risks specific to different API architectures.
Q4
Explain the OWASP Top 10 and provide specific examples of how you've identified and exploited at least three of these vulnerabilities in past assessments. What remediation advice did you provide?