Data structures and algorithms are now assumed to be the new normal in interviewing as a whole. Expect it in AppSec too if you want an advantage over the other candidates.
And for algorithms, I mean stuff like this: https://leetcode.com/problems/word-search/
I would expect these for a normal developer position.
Do you mean I have to practice pentesting on places like HackTheBox AND algo's on leetcode and similar if I ever want to be in AppSec?
TLDR: To some extent, Yes. Some AppSec employers want both or some want in-depth security knowledge, but I won't risk not knowing algos when applying to any role related to software.
As much as I do not like this way of interviewing, the reason why employers use Leetcode is to give you the chance to 'prove your skills' if you don't have any experience or a portfolio. I would not risk going to the interview not studying algorithms with any software related role; including AppSec.
Eventually, there will be too many candidates trying to convince the hiring manager to select them for one job. In the case of the security industry, some might use security blog-posts, references to CVE's, HackerOne reports or CTFs to shortlist them and bypass the leetcode stage, which I would prefer that over using leetcode. But not all AppSec employers look at this.
So yes, I'm afraid to show you are the 'ideal candidate', you have to know both algorithms with whatever domain you want to enter in to be on the safe side.
