1. Accueil
  2. Stage: Security Testing Strategies (m/f) Job
Expire bientôt
SAP

Stage: Security Testing Strategies (m/f) Job

  • Stage
  • Mougins (Alpes-Maritimes)
  • Développement informatique
Postuler maintenant

Description de l'offre

Requisition ID: 116429
Work Area: Software-Design and Development
Expected Travel: 0 - 10%
Career Status: Student
Employment Type: Limited Full Time

COMPANY DESCRIPTION

As market leader in enterprise application software, SAP helps companies of all sizes and industries innovate through simplification. From the back office to the boardroom, warehouse to storefront, on premise to cloud, desktop to mobile device – SAP empowers people and organizations to work together more efficiently and use business insight more effectively to stay ahead of the competition. SAP applications and services enable customers to operate profitably, adapt continuously, and grow sustainably.

SAP's security vision is built on 5 ideals to secure business: Defendable Application, Zero-Knowledge, ZeroVulnerability, Security by Default, and Transparency. SAP's security research group lays the foundation for realising the vision: The 30+ researchers of the Security Research unit focus on security engineering (e.g., the automation of the secure software development lifecycle), secure business execution (e.g., business process security and security in cloud based business applications) and secure operations (e.g., secure maintenance and support of complex and heterogeneous cloud IT landscapes).

PURPOSE AND OBJECTIVES:

The increasingly large number of vulnerabilities that affect web-based applications has severe consequences. Attackers rely on these flaws to routinely compromise millions of web sites, steal personal and financial data, and penetrate private infrastructures.
To mitigate the Web's security problems many techniques and tools have been developed over the years. The two major approaches to identify vulnerabilities are static and dynamic analysis security testing, in short SAST and DAST. SAST requires the source code of the application while DAST requires the application to be upand-running and ready for active testing. Both approaches feature pro and cons. In general, SAST is subject to false positives (report attacks that are not real attacks) while DAST to false negatives (miss real attacks).

EXPECTATIONS AND TASKS:

Though some companies are successfully reducing the number of security vulnerabilities in our code base via security testing strategies based on both SAST and DAST, there is still a big gap to close towards approaching the vision of “zero vulnerabilities”. This gap is mainly caused by limitations of the tools and techniques used, in terms of (i) precision of findings (for instance, false positives reported by SAST), (ii) the lack of tool support for more challenging problems (for instance, systematic detection of XSS, CSRF, logical vulnerabilities), and (ii) the need for automated solutions for well-known problems like SQL Injection so to manage the complexity of software security analysis (for instance, the continuous emergence of new technologies and related vulnerabilities).

In the above-described context, the specific goals of the internship are as follows:

·  Understanding the SAP development process
·  Understanding SAST and DAST approaches as well as experiencing with concrete tools/techniques
·  Studying challenging vulnerabilities (e.g., CSRF and logic flaws) and investigating solutions to detect them with a high degree of automation
·  Contributing to the development of our testing framework at SAP, based on SAPUI5 technology
·  Contributing to the development of our testing core engine
·  Assessing our testing engine against real world SAP and non-SAP scenarios
·  Support SAP internal users toward the consumption of the testing framework
·  Documenting the developed software and the overall activities

Technologies/techniques involved are: Python, JavaScript, SAST/DAST tools (e.g., OWASP ZAP), and Machine Learning

We expect that 25% of time will be dedicated to research activities, and 75% to development.

WORK EXPERIENCE:

·  Security background
·  Previous experience is an advantage

EDUCATION AND QUALIFICATION / SKILLS:

·  University Level: Last year of MSc and behind
·  Good skills in modelling, analysis and programming (Python, Java)
·  Good skills in web technologies (HTTP, HTTPS, server/client-side programming language)
·  Fluency in English (working languages) • Good oral and written communication skills

SAP'S DIVERSITY COMMITMENT

To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.

SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations team (Americas: or , APJ: , EMEA: ). Requests for reasonable accommodation will be considered on a case-by-case basis.

Additional Locations:

Job Segment: Engineer, ERP, Intern, SAP, Engineering, Security, Technology, Entry Level

Faire de chaque avenir une réussite.
  • Annuaire emplois
  • Annuaire entreprises
  • Événements
    •