I applied online. The process took 2 weeks. I interviewed at Seal Security (Tel Aviv-Yafo) in Dec 2024
Interview
i got an email with a home task attachment.
in the task you need to fix tough-cookie 2.5.0 (without upgrading to 4.1.3. version) so the application will not be affected by CVE-2023-26136
i had 3 days to complete
i still didnt got a review.
Interview questions [1]
Question 1
As part of their web application written in Node.JS, Penguin uses tough-cookie 2.5.0
to process their clients' cookies. Unfortunately, it is affected by CVE-2023-26136,
rated as a critical vulnerability by NIST's NVD.
According to the vulnerability advisory, the only way to solve the issue is by
upgrading to 4.1.3. However, the Penguins feel shorthanded (pun intended) and
don't have the necessary capacity to adjust their code to work with the new version
of tough-cookie.
In order to help them, our goal is to create a customized version of tough-cookie
2.5.0 which is not vulnerable to CVE-2023-26136.