InfoSec Engineers at Form3 work on sophisticated, highly available distributed systems in a microservices environment. We detect and evaluate threats, and set standards for engineering security. We also work with other teams to build secure systems, and to spread security awareness.
This exercise is intended to mimic a real-world scenario, and should offer you the opportunity to demonstrate your security awareness, technical know-how, and communication skills.
The goal of this exercise is to find and suggest fixes for security issues in this repository.
- Create a private GitHub repository, with main and production branches
- Import the code from the latest release into the main branch
- Create a Pull Request to merge from main to production. Review and comment on the PR as you would review a PR produced by a colleague.
- Produce a PR to fix one of the issues, to demonstrate your coding abilities. Imagine that your PR will be reviewed by the original author of the code, who is keen to learn more about security.
- Double check that your review comments have been submitted for both PRs. If they haven't yet been submitted then there will be a pending flag next to each comment and a number next to a green "Finish your review" button in the top-right of the page.
- Invite @form3tech-interviewer-1 to your private repo
If you encounter any problems with the service we would encourage you to do some debugging first, before reaching out for help.
- Let us know you've completed the exercise using the link provided at the bottom of the email from our recruitment team
We're conscious that there are plenty of other demands on people's time, and we don't want you to stress about doing loads for this. The aim is to see some evidence of your security knowledge, coding ability, and communication skills in a relatively low pressure environment. Please submit a partial solution if you feel you're running out of time. If we need more material to make a decision, we'll let you know. And remember that you're welcome to get in touch if you're unsure.
Copyright 2019-2021 Form3 Financial Cloud
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.