Tips for enthusiastic pen testers while appearing for interview (beginner to intermediate level)

Application security:

1. Always have basics clear (on application design, architecture, back end and front end)

2. Understand not only the front end exploits , but also understanding the back end vulnerable code

- Example- A front end SQL Injection, along with the back end vulnerable query leading to the vulnerability

3. Read, learn and research not only on the vulnerabilities, but also learning to provide optimized recommendations to the client based on their environment.

- Example- XSS has recommendations including Input validation (encoding, regex, character stripping), WAF, Anti-XSS filters etc. Rather than all generic recommendations, gain an understanding of the underlying environment and the feasible recommendations based on development team, turn around time and effectiveness

Network security

1. Understand not only running enumeration tools including port scanning, but also how a port scanner works, how it sends flags, and how it gets detected and ways to attempt to bypass defenses.
2. Understand the fine lines along vulnerability,threat,exploit and payloads. Why and when a particular attack might fail and some other technique might succeed.
3. Implement creativity in thinking, on a broad level not knowing 100% correct answers are not an issue, as long as your mind tries to think logically with an attempt to think, discover, research and execute

The list goes on, but as long as a candidate is decent on the above lines, can clear any interview based on skills, attitude and mindset!