Showing posts from October, 2025

UHG

United Healthcare Group (UHG) Interview: Application Security. First round: Explain SAST and DAST. How did you use these tools, manually or automated? How do you handle false positive cases? Explain SQL injection. How do you prevent it? Any vulnerabilities you encountered in API security? Experience with AWS cloud services like EC2, S3 buckets, etc.? How do you create a VPC in AWS? Explain the steps. What is an XSS attack? How do you prevent it? What is your approach to handling such false positive cases? Use case: Suppose you learn from the code base that some functionalities are showing as false positives, but the app developer says they are needed on the code base side. Load one URL, and you are able to see some regular expression: role="some key"; How do you convince them that this is not a false positive? You build a tool, and that tool identifies a few parameters, some set of vocabulary or keywords. If some regex is throwing an error in the code base like key=value, you report the issue to the developer. So as a fix the developer changed th...