Common vulnerabilities, auth, and how real breaches happen.
This is a spoken, conceptual discussion, not a live-coding exercise. You explain your reasoning out loud — concepts, tradeoffs, and "what would happen and why" — while the interviewer follows up and pushes on anything vague or surface-level.
Can you explain what XSS is, and the difference between stored, reflected, and DOM-based XSS?
Can you explain the difference between authentication and authorization, with a concrete example of each?
Can you explain what makes a JWT different from a traditional opaque session token, and what you give up by using one?
Can you explain what SQL injection is, and why parameterized queries prevent it?
Can you explain the difference between hashing and encryption, and why passwords should be hashed, not encrypted?
Can you explain what TLS actually protects against, and what it doesn't protect against?
Can you explain the principle of least privilege, and give an example of applying it in a system you've built?
If you discovered a data breach in production right now, what would your first few steps be?
These are a few examples — each real session pulls 5 questions at random from a larger pool across every category above, so repeat sessions won't repeat the same set.
5 free interviews every month, any track, no card required.