• Internship: Security testing research techniques for SAP - F / M Jobs in France - 25064944

  • SAP Labs Pvt Ltd
  • France
  • Save Job
  • 0 - 3 Years
  • Posted : above 1 month

Job Description:

City Mougins, 06, FR

Company SAP

Requisition ID 232928
Work Area Software-Research
Expected Travel 0 - 10 PERCENT
Career Status Student
Employment Type Limited Full Time

SAP started in 1972 as a team of five colleagues with a desire to do something new Together, they changed enterprise software and reinvented how business was done Today, as a market leader in enterprise application software, we remain true to our roots Thats why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures

SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all We believe that together we can transform industries, grow economics, lift up societies and sustain our environment Because its the best-run businesses that make the world run better and improve peoples lives


Maintaining security is a constantly shifting task, and we need to respond with continuous learning and research The portfolio of SAP Security Research contains those topics that we believe are most important

for SAPs security future

SAPs vision to secure business is built on 3 ideals Zero-Vulnerability, to harden the software by eliminating vulnerabilities, Defensible Application, to enable the software to identify and prevent attacks, and Zero-Knowledge, to make any theft of data useless through encryption

Considering these aspects, SAP Security Research covers the following focal areas Anonymization for Big Data, Secure Internet of Things, Software security analysis, Open-source analysis, Deceptive application, Applied cryptography, Quantum technology, and Machine Learning as enabler for the next generation of security

Security Research proposes a 6-month internship in its Sophia-Antipolis offices (Mougins, France)


The increasingly large number of vulnerabilities that affect web-based applications has severe consequences Attackers rely on these flaws to routinely compromise millions of web sites, steal personal and financial data, and penetrate private infrastructures

To mitigate the Webs security problems many techniques and tools have been developed over the years The three major approaches to identify vulnerabilities are SAST (static application security testing), DAST (dynamic application security testing) and IAST (Interactive application security testing) SAST requires the source code of the application while DAST and IAST require the application to be up-and-running and ready for passive/active testing All the three approaches feature pro and cons In general, SAST is subject to false positives (report attacks that are not real attacks) while DAST to false negatives (miss real attacks) IAST features almost zero false positives, but it requires complete ownership of the testing landscape in which IAST agents must be deployed to monitor the execution of the application and the coverage of the analysis depends on the available functional tests as well as on the available techniques to amplify this coverage

We at SAP Security Research have been working on DAST techniques to detect vulnerabilities such as logic flaws [NDSS2016] and CSRF [EuroSP2017] These techniques have been further developed and experimented internally at SAP to reach a more mature status Fuzzing could be used to increase the effectiveness of these techniques In this internship, we aim to further progress our techniques and to integrate them within best-suited penetration test frameworks (eg, OWASP ZAP) to enable broader adoption, possibly also outside SAP

More specifically, the goals of the internship are as follows

Understanding the SAP development process
Understanding SAST, DAST, and IAST approaches (possibly experiencing with concrete tools/techniques)
Studying challenging vulnerabilities (eg, CSRF and logic flaws)
Investigating existing and novel solutions to detect these vulnerabilities a high degree of automation
Contributing to the development of our testing framework at SAP, also by integrating these solutions within best-suited frameworks (eg, OWASP ZAP)
Assessing this framework against real world SAP and non-SAP scenarios
Support SAP internal users toward the consumption of this framework
Documenting the developed software and the overall activities

We expect that 30 PERCENT of time will be dedicated to research activities, and 70 PERCENT to development and experiments


University Level Last year of MSc and behind
Good skills in modelling, analysis and programming (Python, Java)
Good skills in web technologies (HTTP, HTTPS, server/client-side programming language)
Security background
Fluency in English (working languages)
Good oral and written communication skills



Founded in 1972, SAP has grown to become the worlds leading provider of business software solutions SAP is market leader in enterprise application software The company is also the fastest-growing major database company Globally, more than 77 PERCENT of all business transactions worldwide touch an SAP software system With more than 347000 customers in more than 180 countries, SAP includes subsidiaries in all major countries SAP is the worlds largest inter-enterprise software company and the worlds third-largest independent software supplier, overall SAP solutions help enterprises of all sizes around the world to improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations SAP employs more than 98600 people

Security Research at SAP Labs France, Sophia Antipolis

Based at SAP Labs France Mougins, Security Research Sophia-Antipolis addresses the upcoming security needs, focusing on increased automation of the security life cycle and on providing innovative solutions for the security challenges in networked businesses, including cloud, services and mobile


Success is what you make it At SAP, we help you make it your own A career at SAP can open many doors for you If youre searching for a company thats dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment apply now

To harness the power of innovation, SAP invests in the development of its diverse employees We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company

SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas CareersNorthAmericasapcom or CareersLatinAmericasapcom, APJ CareersAPJsapcom, EMEA Careerssapcom)

Successful candidates might be required to undergo a background verification with an external vendor

Additional Locations

Job Segment ERP, SAP, Intern, Security, Technology, Research, Entry Level

Profile Summary:

Employment Type : Full Time
Eligibility : Any Graduate
Industry : Software Services, Internet/Dot com/ISP
Functional Area : IT Software : Software Products & Services
Role : Software Engineer
Salary : As per Industry Standards
Deadline : 11th May 2020

Key Skills:

Taking these free online tutorials can help you get your next job

People who search this job also searched for the following Keywords


Salary trends based on over 1 crore profiles

View Salaries

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status