Anyone have any insights into higher level Stripe prodsec interviews? Specifically looking for info on the vuln hunt: is it testing a live app or a code review? My Ruby knowledge is pretty lacking so I'm concerned I might miss some language specific vulns here if this is a code review. The info from the recruiter didn't really specify what type of vuln hunt it will be, which is why I'm asking. Thanks for any insights! YOE 10, TC 310k
I thought you get to choose the language; is that different for security interviews? Otherwise why use Ruby if you’re not comfortable with it?
You get to choose for the coding round, but not the vuln hunt I believe
Tech Industry
7h
1790
Tech companies to avoid as a white guy?
India
2h
311
People who like Modi, are you okay with your country’s leader using words like “infiltrators” for a community?
Tech Industry
9h
3035
Be a wh0re
Tech Industry
Yesterday
4897
US Government Collaborating with Open AI, Google, Alphabet leaders for AI Security??!
I hope it's not like coinbase where they say it's code review but it's actually something else. It was easy but I screwed it up. For ruby, try learning about built-in protection provided by frameworks. Like there is some built-in mechanism to prevent SQL injection in Ruby Sinatra or something...
Hey at coinbase was your tech screen basically like a gotcha round? I passed it and all, but it just seemed like a really dumb way to interview for security. I.e. "oh you know security? Tell me the types of xss." "ok, you got em, but what about sqli, you didn't mention sqli!" "You asked about xss?" "Ok next question then, how does cors work?" I was kinda disappointed in them honestly... Still going to continue the process, though, lol. I think I can help.
Yep, screening was pretty simple, exactly 6 questions. But I kind of screwed up the onsite because I wasn't mentally prepared, I had not slept for 2 days before the interview.