1. What is the way of looking Race condition in SCR (manually), you cannot go one by one line.
2. What is diff b/w javascript encoding and HTML encoding ?
3. what is HSM ?
4. CVSS Metrics i.e not standard one. (Boundaries vulnerable system and subsequent system, Value density Metrics in CVSS)
5. Mitigation of CSRf in websocket.
6. Fixing DOM based XSS (exact changes in code)
7. some scenario based question related to attacks like xss and bypasses.