Interview consisted of recruiter asking from a pool of questions: What’s the difference between Java and Javascript? What are the difference between fuzzing and sniffing? What 1 does not fit? Coldfusion, java, asp, html What 1 does not fit? AES256, Blow Fish, SHA1 Describe Cross Site Scripting What are some common mitigations for SQL Injection? Describe the common use of an application proxy for penetration testing. Explain the differences between a GET and POST request Do you have any experience with Dynamic and Static Code Analysis? Which tools have you used? Any advantages of using JSON instead of XML? Afterwards I was informed that the next step would be to talk with one of their Senior AppSec Engineers and after that step would do a practical part of the interview.