SecureStack is a startup based on the Gold Coast in Australia. We offer a SaaS-based platform that helps software engineering teams easily embed security into their cloud-native applications and software development lifecycle (SDLC). We do this in a really unique and innovative way: We analyze their source code and cloud resources while continuously scanning web assets at the same time. We use the data that is generated to build context around how the application works, and what it's talking to, and is it secure? We then use that data to help our customers solve complex application security challenges with unique visibility and automated fixes.

Because SecureStack combines and analyzes data from source code, cloud stack and web app analysis, we understand our customer's applications better than any other platform can. We use this data to build insights about the customers application environments. This allows us to prioritize vulnerabilities intelligently and build very focused/automated mitigations for our customers.

In this intern role, you will be working with a highly performant team who are all based in Australia. It's okay if you aren't in Australia, we are open to interns that are located pretty much anywhere. You will have the opportunity to work on several different projects spread across our platform. There will be opportunities to work on frontend components as well as some of our backend systems as well. Our platform is built in AWS and takes advantage of AWS ECS, Fargate, Lambda, and some Ec2 as well, so if you want to learn about AWS while building you can do that too!

We're looking for a full-stack developer to join the npm CLI team. This team is responsible for the open source tools that empower the JavaScript ecosystem to create, distribute & consume packages. SecureStack is looking for a passionate intern who wants to learn about application security and DevSecOps while help build a truly innovative product. The important part of this is that the successful intern will have a passion for learning and some experience in one or more of these things:

1. Javascript & React
2. Frontend design
3. Tailwind CSS
4. Python & FastAPI
5. GraphQL & Apollo
6. Golang
7. API design
8. AWS

Don't think you need experience in all of those things, because you don't! We are looking for someone that has experience in at least one of those technologies and is excited about working on a genuinely innovative application security product.

• Passion to learn is the most important qualification!
• Experience with Git & GitHub
• Writing modern JavaScript/Node.js
• Passion for application security
• Some experience in AWS

To participate, you must be:

• A verified student on Global Campus
• 18 years or older
• Active contributor on GitHub (monthly)

SecureStack built a single page Javascript app. This app was built to be able to demo different types of web application vulnerabilities. Your task, if you choose to accept it, is to analyze our vulnerable web application and find at least one vulnerability or misconfiguration in that app. The web URL is https://app.cheapcryptobank.com and the source code can be found at our vulnerable CheapCryptoBank web app. You can find the source code here: https://github.com/SecureStackCo/app.cheapcryptobank.com

This is totally optional and is not required for this assignment, but if you want to, you can use the SecureStack platform to many of the vulnerabilities in the CheapCryptoBank app. If you want to, you can create a free SecureStack account. This account doesn't ask for your real name or a credit card. You can login with your GitHub credentials. Once you've created an account you can use SecureStack to scan the web URL and source code automatically.

We want this assignment to be fun, so feel free to use any tool you want to scan our web applicaiton and/or the source code for this app. You can use SecureStack or you can use another tool. Or, you can just inspect the source code and running web app yourself, no tools necessary!

• Analyze the CheapCryptoBank application
• Share what security vulnerabilities you found by commiting your repo with comments to our GitHub Classroom

Students are expected to use the GitHub Flow when working on their task. This includes

1. Using GitHub Discussions to ask any relevant questions regarding the project
2. Creating a new branch using your GitHub username in the title
3. In that branch create a new file in the submissions folder with your GitHub username like this '6mile-submission.md'. Please do not change any of the existing files. Just add your own submission file. You can see the submissions/TEMPLATE.md file for an example.
4. In that new submission file list any issues you found, the references for those issues and for extra points, any mitigations for those issues.
5. If you found a security vulnerability that can be corrected in code, feel free to include a code based solution. This is for extra points!
6. Opening a Pull Request for review

• Check out our vulnerable web app: app.cheapcryptobank.com
• Use the SecureStack platform to analyze the application