This repository has been archived by the owner on Aug 23, 2023. It is now read-only.
Commit
1 parent 961c453, commit 14e0d24
Showing 117 changed files with 29 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
### Exercise | ||
This exercise is to assess your detective and content curation skills. It is similar to a typical task you would work on at Snyk. | ||
|
||
Vulnerabilities are curated by many organizations, CVE being the most popular. Many public vulnerabilities get an ID in the CVE database. | ||
|
||
You are given a CVE ID and asked to discover all information on it. You do not need prior knowledge of security vulnerabilities, but it may help. | ||
|
||
You can use any external source available on the internet. | ||
|
||
#### Tasks | ||
On September 7th, 2017, a large company named Equifax announced that it was breached by hackers. The hackers used a known exploit in order to conduct their attack. The exploit was assigned the ID: **CVE-2017-5638**. | ||
|
||
1. Build a timeline of when the vulnerability was initially found, to the day Equifax announced the breach. | ||
We'd like to know any small piece of information, including but not limited to: | ||
- What Open Source package is vulnerable? Talk to us in [maven group ids and artifact ids](https://maven.apache.org/guides/mini/guide-naming-conventions.html). | ||
- When was the vulnerability initially published? Where? | ||
- When was the vulnerability fixed? Can you find the code that fixed it? | ||
- When was it added to external DBs? (like CVE, NVD, etc) | ||
- What other information can you find? Don't forget to cite all sources. | ||
2. Write a short blog, about 10-15 lines about the vulnerability. Make sure the post covers some background, why is this important, and what action can the blog reader take to make sure they are not vulnerable. | ||
3. Knowing what you know now, How would you automate finding this vulnerability? What about future vulnerabilities? The more specific, the less vulnerabilities we'd find. The less specific, the more false positives we get. Find a good balance between the two. This is not a coding exercise, you may explain in writing. | ||
|
||
Don't spend too long on this – we appreciate that this is your own time and we don't want to take up more than is necessary. Anything you don't have time to do we can talk through it instead. And if there's something you're struggling with, make a note and move on. At Snyk, you'd have a whole team to support you when you get stuck. :) | ||
|
||
When you're finished, let us know and we'll go through the task together. | ||
|
||
Any questions? Let us know! | ||
|
||
✨ Good luck! ✨ |
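Review bot: In the second paragraph, "Vulnerabilities are curated by many organizations, CVE being the most popular" presents CVE as an organization, while the next sentence and task 1 ("external DBs (like CVE, NVD, etc)") treat it as a database. CVE is an identifier list rather than an organization, so suggest rewording to something like "Many organizations curate vulnerabilities; CVE is the most widely used identifier scheme" so the candidate is not confused about what they are asked to look up. In task 3, "How would you automate" should start in lower case after the comma, and "the less vulnerabilities we'd find" should read "the fewer vulnerabilities we'd find". The closing paragraph says "Don't spend too long on this" without giving a time box; stating an expected duration would make submissions easier to compare. Task 2 asks for "about 10-15 lines", which depends on line width; a word count would be less ambiguous.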
File renamed without changes.