I have a job interview tomorrow where I was told to review the following topics, which I feel I have. How would you guys test to make sure you understand the concepts? Are there practice code reviews I can do?
"We want you to be able to identify security flaws via code review and demonstrate deep understanding of the issues found. We want you to be able to explain your approach to code review during the interview, explain the risk of each issue, explain how the issue might get exploited and suggest fixes with practical security and defense-in-depth in mind.
OWASP TOP 10
In depth understanding of core web concepts like SOP (same origin policy) and HTTPS certificate validation
Understanding of web application fundamentals
Cryptography
- Encryption at rest and in transit
- Symmetric encryption and its applications
- Public Key Cryptography and its applications
- Credentials (password) storage and Hashing"