Internship Vulnerable web application development for cybersecurity training at SAP F/H
Job posting details:
WHAT WE OFFER
Our company culture is focused on helping our employees enable
innovation by building breakthroughs together. How? We focus every day
on building the foundation for tomorrow and creating a workplace that
embraces differences, values flexibility, and is aligned to our
purpose-driven and future-focused work. We offer a highly
collaborative, caring team environment with a strong focus on learning
and development, recognition for your individual contributions, and a
variety of benefit options for you to choose from. Apply now!
PURPOSE AND OBJECTIVES
Cyber-attacks can disrupt and cause considerable financial and
reputational damage to even the most resilient organizations. If an
organization suffers a cyber-attack, it stands to lose assets,
reputation and business, and potentially face regulatory fines and
litigation. Most cyber-attacks are automated, indiscriminate and
evolve at an alarming rate.
Cybersecurity is the body of technologies, processes and practices
designed to protect networks, computers, programs and data from damage
or unauthorized access from cyber-attacks. Ensuring cybersecurity
requires coordinated efforts throughout the development lifecycle of
products. An important element in this lifecycle is Security Testing.
Security Testing reveals flaws in the security mechanisms of products
during development and helps prevent attacks such as SQL injection,
XSS, and DoS.
Within the Tools team, the Security Testing and Open Source team
enables SAP development teams to build secure software by providing a
service for automated source code scans complemented by other test
methods, such as dynamic checks, fuzzing, and penetration testing.
This automated security analysis of potentially large software
products makes it possible to detect and eliminate security flaws at an early
stage in the development cycle before the products are shipped to SAP
customers. The team also provides central education and consulting to
develop security awareness in SAP and help development teams make
effective use of these tools. Finally, the team carries out research
projects in white spot areas and develops its own security testing
tools for specific configurations that are not well supported by
standard static analysis tools (SAST) or dynamic analysis tools
(DAST).
Our strengths rely on an international and multicultural team. The
team is made up of highly skilled and passionate individuals who
together bring many years of experience from various areas of
application security. We are looking for a passionate and
collaborative intern with a hands-on mindset.
INTERNSHIP TOPIC
The internship will take place in the context of the security testing
training delivered in SAP worldwide. With this internal training for
SAP developers, each SAP trainee learns: which testing tools to use,
how to use the tools and when to test. The goal of this training is to
present an overview of the security testing and open source software
security strategy. It will give any SAP developer best practices and
recommendations to follow. Each trainee will be trained with Static
Application Testing Tools (Fortify, Checkmarx, Coverity), Open Source
Vulnerability Scan tools (SVM, Blackduck, Whitesource), Dynamic
Application Testing Tools (Daster, Zap).
The goal is to have one single vulnerable application that can be
tested by all of the static tools listed above: the different tools
will be able to test different parts based on the programming
languages they support (for example, Fortify for Java code scans, Cx
for JavaScript code scans, etc.).
The Security Testing and Open Source Software Security team has
therefore developed its own vulnerable application, SAPGoat store.
SAPGoat store is a vulnerable application for learning the types of
security vulnerabilities that exist and how to detect them with the
testing tools. The application is an online shop with vulnerabilities
available as challenges on the website.
It has various components:
* Store, a vulnerable shop written in Java Spring (backend) and UI5
(JavaScript framework for the frontend)
* Backoffice, the back office of the shop, written in JavaScript
* Mobile Store, a mobile application (multi OS) with the same
functionality as the Store
* Mobile Backoffice, an Android mobile application with the same
functionality as the back office
* Payment module in C
The main tasks of the internship will be to:
* Ramp-up on Security Testing and OpenTools (Static and Dynamic)
* Continue developing our own vulnerable web application, SAPGoat and
its different components
* Improve the payment modules
* Improve the mobile store
* Investigate how the Open Source Vulnerability Scan tools like
Whitesource, Black Duck and SVM will behave with SAPGoat store
* Add new components with some vulnerabilities that can be detected by
Open Source Vulnerability Scan tools
* Document and update the training material with the new components
* Provide support to the technical coordination of the infrastructure
for the trainings.
The training is now hosted on an e-learning platform; the intern may
have to update this platform with new security testing and open source
software security tools, producing videos and other types of material
such as quizzes and challenges.
At the end, the student will gain skills in Security Testing areas and
also get a good visibility of the SAP Secure SDL (Software Development
Lifecycle). The vulnerable web application will be directly used by
trainees during the training.
The intern will be directly in contact with experts from the areas
(pentester, static and dynamic tools experts, and tools consultants).
The intern/apprentice will have the opportunity:
* To discuss with security experts and gain expertise in
the area of Static Application Security Testing tools, Open Source
Vulnerability Scan tools and Dynamic Application Security Testing
tools.
* To be fully part of a Security Team in SAP and improve her/his
knowledge in Security
* To work mainly on devops tasks; however, she/he will have the
opportunity to tackle diverse types of tasks (like support, testing,
design and communication about the Security Testing training).
You should bring
* Development skills
* Devops skills
* Knowledge in Security or really strong interest in the domain
You will learn
* Applied Security
* Security Testing Tools
* SAP Secure SDL
* Hackers’ techniques
Plus
* Contact with security experts (pentesters, static and dynamic tools
experts, and tools consultants)
* High visibility of the work (the application will be used in the
training and will be consumed by 30 000+ developers)
* Diversity of tasks (development, devops, support, design)
* Work with a great team in a nice location (Sophia-Antipolis/south
of France)
CANDIDATE PROFILE
The ideal candidate will have/be:
* Very good technical/development skills
* Knowledge in JavaScript, Node.js, Java, HTML, Python
* Willingness and proven ability to quickly acquire development
proficiency in new technologies
* Fluent in English (working language)
* Good oral and written communication skills
* Knowledge in Docker and Nagios is a plus
* Knowledge in Security is a plus
* Knowledge of video-making software is a plus
We are SAP
SAP innovations help more than 400,000 customers worldwide work
together more efficiently and use business insight more effectively.
Originally known for leadership in enterprise resource planning (ERP)
software, SAP has evolved to become a market leader in end-to-end
business application software and related services for database,
analytics, intelligent technologies, and experience management. As a
cloud company with 200 million users and more than 100,000 employees
worldwide, we are purpose-driven and future-focused, with a highly
collaborative team ethic and commitment to personal development.
Whether connecting global industries, people, or platforms, we help
ensure every challenge gets the solution it deserves. At SAP, we build
breakthroughs, together.
Our inclusion promise
SAP’s culture of inclusion, focus on health and well-being, and
flexible working models help ensure that everyone – regardless of
background – feels included and can run at their best. At SAP, we
believe we are made stronger by the unique capabilities and qualities
that each person brings to our company, and we invest in our employees
to inspire confidence and help everyone realize their full potential.
We ultimately believe in unleashing all talent and creating a better
and more equitable world.
SAP is proud to be an equal opportunity workplace and is an
affirmative action employer. We are committed to the values of Equal
Employment Opportunity and provide accessibility accommodations to
applicants with physical and/or mental disabilities. If you are
interested in applying for employment with SAP and are in need of
accommodation or special assistance to navigate our website or to
complete your application, please send an e-mail with your request to
Recruiting Operations Team: Americas: Careers.NorthAmerica@sap.com or
Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA:
Careers@sap.com.
EOE AA M/F/Vet/Disability:
Qualified applicants will receive consideration for employment without
regard to their age, race, religion, national origin, ethnicity, age,
gender (including pregnancy, childbirth, et al), sexual orientation,
gender identity or expression, protected veteran status, or
disability.
Successful candidates might be required to undergo a background
verification with an external vendor.
Requisition ID:328176 | Work Area: Software-Design and Development |
Expected Travel: 0 - 10% | Career Status: Student | Employment Type:
Intern |