Automated generation of realistic honeytokens

Posted on 08 Nov.

Location: MOUGINS · Contract: Internship · Remuneration: depending on the length of the internship and your diploma. €

Company: SAP Labs France SAS

Founded in 1972, SAP has grown to become the world's leading provider of business software solutions. SAP is the market leader in enterprise application software. The company is also the fastest-growing major database company. Globally, more than 77% of all business transactions worldwide touch an SAP software system. With more than 347,000 customers in more than 180 countries, SAP includes subsidiaries in all major countries. SAP is the world's largest inter-enterprise software company and the world's third-largest independent software supplier overall. SAP solutions help enterprises of all sizes around the world to improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations. SAP employs more than 98,600 people.

Security Research at SAP Labs France, Sophia Antipolis

Based at SAP Labs France Mougins, Security Research Sophia-Antipolis addresses upcoming security needs, focusing on increased automation of the security life cycle and on providing innovative solutions for the security challenges of networked businesses, including cloud, services and mobile.

Job description

This internship is based in the SAP Labs France Research Lab, in Sophia-Antipolis. The work will be performed in the context of the Research Program “Security & Trust”, under the “Defendable Application” topic. This topic aims at protecting applications by reacting directly to attackers performing active information gathering, as well as to attackers who have already found a way in (for example through a successful credential theft via a phishing email).

The active response comes after a successful detection. The detection itself is based on activity that betrays the attacker’s malicious intent, such as a clear attempt at escalating privileges. To aid in this process, three factors can be considered:
- Suspicious actions, such as requests arriving at unusual hours or from an unexpected IP address
- Intrusive actions, such as active scanning and enumeration
- Tripping on traps that were specifically deployed to detect attackers

This third factor can be addressed by deploying honeytokens (such as a fake cookie) around the application to be protected, but this is a difficult task as it requires careful thinking. If your honeytoken stands out too much, it will be noticed and ignored by attackers. If it is too close to the normal data flow, ordinary users may trigger false positives. If you add too many of them, attackers will notice that something is odd.
In other words, a realistic honeytoken needs to blend into its context.
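As an added illustration (not part of this posting and not SAP's code), the sketch below shows the idea in Python: derive the shape of the application's real session cookies, mint a honeytoken that blends in with that shape, and flag the request that presents it. The sample cookie values and the `profile`, `generate_honeytoken` and `cookie_tripped` helpers are constructed assumptions.

```python
import os
import secrets
from collections import Counter

# Constructed sample of session cookie values as seen in the protected app
# (placeholder values, not taken from any real system).
REAL_SESSION_VALUES = [
    "sid_a3f9c1b2e4d5f6a7b8c9d0e1f2a3b4c5",
    "sid_0f1e2d3c4b5a69788796a5b4c3d2e1f0",
    "sid_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b",
]


def profile(values):
    """Derive the shape shared by real values: common prefix, typical length, alphabet."""
    prefix = os.path.commonprefix(values)
    length = Counter(len(v) for v in values).most_common(1)[0][0]
    body = "".join(v[len(prefix):] for v in values)
    alphabet = "".join(sorted(set(body)))
    return prefix, length, alphabet


def generate_honeytoken(values, used):
    """Mint a value with the same prefix, length and alphabet as the real ones,
    so it does not stand out, while never colliding with a value in `used`."""
    prefix, length, alphabet = profile(values)
    while True:
        body = "".join(secrets.choice(alphabet) for _ in range(length - len(prefix)))
        token = prefix + body
        if token not in used:
            return token


def cookie_tripped(cookie_header, honeytokens):
    """Return the name of the cookie carrying a honeytoken value, or None.
    Real users never receive a honeytoken, so a match is a high-confidence signal."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if value in honeytokens:
            return name
    return None
```

In a deployment the minted value would be planted where only an attacker digging through the application would find it, and `cookie_tripped` would run on every incoming request.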

The goal of this internship will be to devise an approach that allows the automatic generation of realistic honeytokens, by analyzing characteristics of the application to protect before generating relevant honeytokens.

The expected work is to get familiar with the work achieved so far in the fields of cyber-deception and of application analysis (such as code scanners and fuzzers), then to design and develop a proof of concept that generates relevant honeytokens based on the characteristics of the application to be protected.
The candidate may also explore the field of intrusive actions by identifying relevant intrusion detection rules.

We expect that 50% of time will be dedicated to development / integration and 50% to research activities.

Desired profile

• University Level: Last year of MSc in Computer Science or beyond
• Good knowledge of HTTP protocol and of web applications
• Good programming skills (in any language)
• Knowledge of scanning tools such as OWASP ZAP, Selenium, static code scanners.
• Fluency in English (working language)
• Ability to organize meetings and contact people
• Good oral and written communication skills
• Capacity to write documents in English, ability to synthesize

See the attached file

To apply:

Please apply by clicking on this link:

UPLOAD (all documents must be in English):
• Your CV
• Cover letter
• Any relevant documents