The test consists of two parts:
In order to avoid bounced emails we would like you to submit your results by uploading the relevant zip file to a shared Google Drive folder. In order to obtain the URL for this folder please supply your Gmail or Google-based email address to either your agent or the JUST EAT member of staff who assigned you the test.
Please make this a single zip file named {yourname}-{role-applied-for}.zip containing:
- A single file with your findings from the code review
- A single file with your answers to the technical questions
- One folder containing your version of the application, if you have any suggested changes
This is a basic MVC web application that requires a security code review. Please review the application and report on any issues that you find, simple as that! Include in your report:
- Issue
- Suggested Remediation
If you are applying for a Security Software Engineer role, it would be advisable to do this.
If you like, you could rewrite any parts of the application that you feel could be improved. If you do so, please clearly comment on:
- If the change relates to a finding in your report
- How you made it better
You can document the changes however you prefer, as long as your motivation and the specific changes are clear.
Please answer the following questions in a markdown file called `Answers to technical questions.md`.
- What was your process for reviewing the application?
- If you found any issues, what was the most severe?
- Code review can be a very manual process. How can you give assurance that code is secure in an environment with multiple daily deployments?
#### Thanks for your time, we look forward to hearing from you!
- The JUST EAT Infosec Team