Location: MOUGINS · Contract: Internship · Compensation (€): depending on the length of the internship and your diploma.
Founded in 1972, SAP has grown to become the world's leading provider of business software solutions. SAP is the market leader in enterprise application software. The company is also the fastest-growing major database company. Globally, more than 77% of all business transactions worldwide touch an SAP software system. With more than 347,000 customers in more than 180 countries, SAP has subsidiaries in all major countries. SAP is the world's largest inter-enterprise software company and the world's third-largest independent software supplier overall. SAP solutions help enterprises of all sizes around the world to improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations. SAP employs more than 98,600 people.
Security Research at SAP Labs France, Sophia Antipolis
Based at SAP Labs France Mougins, Security Research Sophia-Antipolis addresses upcoming security needs, focusing on increased automation of the security life cycle and on providing innovative solutions for the security challenges of networked businesses, including cloud, services and mobile.
This internship is based in the SAP Labs France Research Lab in Sophia-Antipolis. The work will be performed in the context of the Research Program "Security & Trust", under the "Defendable Application" topic. This topic aims at protecting applications by directly reacting to attackers performing active information gathering, as well as to attackers who have already found a way in (for example thanks to a successful credential theft through a phishing email).
SAP has developed an approach that detects malicious activity by means of a set of deployed or virtual honeytokens, followed by a diversion phase in which the attacker is re-routed to a honeypot.
From the code perspective, the honeypot is a clone of the original application, meaning that the attacker's activity can be monitored to discover the exploitation of unknown vulnerabilities.
This solution comprises several components which were developed as separate proofs of concept (PoCs):
- A pipeline for Docker deployment, taking a Java application from GitHub and making it self-defending
- A smart reverse proxy detecting reconnaissance and diverting identified sessions to a honeypot
- A fingerprinting solution able to distinguish real users from attackers even when the attacker tries to go incognito
- A fake data generator, able to learn from real data to make the fake data believable
- A data recorder, able to blur already seen data with fake data
- And a few others
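As an added illustration (not SAP's code, nor any of the PoCs listed above), the Python below sketches the decision core of such a reverse proxy: the first request in a session that touches a honeytoken path or presents a decoy credential marks that session, and every later request in it is routed to the honeypot clone instead of production, with the triggering evidence kept for the analyst. The upstream addresses, decoy paths, decoy account and the JSESSIONID cookie name are assumptions.

```python
from dataclasses import dataclass, field

# Upstreams and decoys are constructed for this example (not SAP's values).
PRODUCTION_UPSTREAM = "http://app:8080"        # the real application
HONEYPOT_UPSTREAM = "http://honeypot:8080"     # the cloned application
SESSION_COOKIE = "JSESSIONID"                  # assumed session cookie of the Java app

# Honeytokens: resources and credentials that no legitimate user ever references.
HONEYTOKEN_PATHS = {"/admin/backup.zip", "/.git/config", "/api/v1/keys/export"}
HONEYTOKEN_CREDENTIALS = {("svc_backup", "Winter2019!")}   # constructed decoy account


@dataclass
class SessionState:
    diverted: bool = False
    hits: list = field(default_factory=list)   # evidence kept for the analyst


class DiversionPolicy:
    """Decides, per session, whether traffic goes to production or to the honeypot."""

    def __init__(self):
        self.sessions: dict = {}

    def route(self, session_id: str, path: str, credentials=None) -> str:
        state = self.sessions.setdefault(session_id, SessionState())
        if not state.diverted:                 # the first hit flips the session for good
            if path in HONEYTOKEN_PATHS:
                state.hits.append("path:" + path)
                state.diverted = True
            elif credentials in HONEYTOKEN_CREDENTIALS:
                state.hits.append("credential:" + credentials[0])
                state.diverted = True
        return HONEYPOT_UPSTREAM if state.diverted else PRODUCTION_UPSTREAM


def handle_raw(policy: DiversionPolicy, raw_request: str) -> str:
    """Parse a minimal HTTP/1.1 request text and return the upstream to proxy it to."""
    lines = raw_request.strip().splitlines()
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    session_id = "ip:" + headers.get("x-forwarded-for", "unknown")  # fallback key
    for part in headers.get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == SESSION_COOKIE and value:
            session_id = value
    return policy.route(session_id, target.split("?", 1)[0])
```

Because the decision is sticky per session, a diverted attacker keeps seeing a consistent application (the clone) rather than flipping between production and honeypot responses.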
The goal of the internship is to move to the next step: integrate these different components, and possibly add a few other neat ideas, into a Docker-based platform able to self-protect arbitrary (Java) applications.
This integrated solution will ideally be used to generate a set of 'capture-the-flag' (CTF) web-application challenges, to test the efficiency of the diverse self-defense elements and to identify where improvements would be welcome.
The expected work is to get familiar with the core application, see how it runs on one already existing CTF challenge, and enrich it with the concepts developed in the satellite PoCs. All good ideas are also welcome in this research field, where many blank spots remain to be explored!
We expect that 75% of the time will be dedicated to development / integration and 25% to research activities.
• University level: last year of an MSc in Computer Science or beyond
• Loves programming and is not afraid of shell scripting
• Experienced with Docker (build, network, …)
• Good knowledge of the HTTP protocol, traffic routing and web applications
• Fluency in English (working language)
• Ability to organize meetings and contact people
• Good oral and written communication skills
• Capacity to write documents in English, ability to synthesize
CONTACTS AND PROCEDURE
Please apply by clicking on this link:
UPLOAD (all documents must be in English):
• Your CV
• Cover letter
• Any relevant documents