Publiée le 29 mai
Description de l'offre
Requisition ID: 233308
Work Area: Software-Research
Expected Travel: 0 - 10%
Career Status: Student
Employment Type: Limited Full Time
SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That’s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.
Maintaining security is a constantly shifting task, and we need to respond with continuous learning and research. The portfolio of SAP Security Research contains those topics that we believe are most important
for SAP’s security future.
SAP’s vision to secure business is built on 3 ideals: Zero-Vulnerability, to harden the software by eliminating vulnerabilities, Defensible Application, to enable the software to identify and prevent attacks, and Zero-Knowledge, to make any theft of data useless through encryption.
Considering these aspects, SAP Security Research covers the following focal areas: Anonymization for Big Data, Secure Internet of Things, Software security analysis, Open-source analysis, Deceptive application, Applied cryptography, Quantum technology, and Machine Learning as enabler for the next generation of security.
Security Research proposes a 6-month internship in its Sophia-Antipolis offices (Mougins, France).
SAP business applications depend on open-source software (OSS) components, and it is paramount to ensure that such components are secure and do not contain vulnerabilities. Careful analysis is necessary to protect both SAP customers and SAP itself from any harm that can result from the use of insecure and vulnerable OSS.
One element supporting this goal is to use software tools to automate the analysis of OSS usage. SAP Security Research has developed a tool (https://github.com/SAP/vulnerability-assessment-tool) that scans Java and Python applications, identifies insecure OSS components, assesses the security risk in application-specific contexts, and proposes mitigation actions. This tool is regularly used by hundreds of development teams across SAP, and represents one important building block of SAP’s overall strategy regarding the secure use of OSS.
An important problem that we face when operating this tool is to determine the origin and content of an artifact, found among the dependencies of an application. While most vulnerability analysis methods work at the source-code level, at build time, the dependencies are available in binary format; hence the need to determine from which particular source code commit a binary artifact was built from.
This internship aims at developing a method to analyze and characterize binary artifacts (e.g., JAR packages) in order to determine the source code commit from which they were obtained. In practice, artifacts can be assembled out of code from different repositories; conversely, multiple artifacts could be obtained by the same commit (e.g., because each artifact includes only certain parts of the project, or because different build processes (compilers, compiler flags) where used to produce the artifact. Decompilation is not always possible or effective.
To address this problem, the student will devise a technique to characterize and uniquely identify binary artifacts, with a focus on the trade-off between efficiency and accuracy. As part of the internship, the student will implement and validate a tool to automatically map binary artifacts onto the commit(s) from which they were obtained.
We expect that 40% of time will be dedicated to research activities, and 60% to development.
- University Level: Last year of MSc (or less if the student has a good profile)
- Solid foundations in CS and a passion for well-designed, cleanly implemented software
- Good knowledge of one or more of the following languages: Java, Python
- Experience with GIT
- Good command of the Linux shell and bash scripting
- Knowledge in (or interest in learning) machine learning basics is desirable
- Interest in experimental research
- Fluency in English (working language)
- Good oral and written communication skills
Founded in 1972, SAP has grown to become the world's leading provider of business software solutions. SAP is market leader in enterprise application software. The company is also the fastest-growing major database company. Globally, more than 77% of all business transactions worldwide touch an SAP software system. With more than 347.000 customers in more than 180 countries, SAP includes subsidiaries in all major countries. SAP is the world's largest inter-enterprise software company and the world's third-largest independent software supplier, overall. SAP solutions help enterprises of all sizes around the world to improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations. SAP employs more than 98.600 people.
Security Research at SAP Labs France, Sophia Antipolis
Based at SAP Labs France Mougins, Security Research Sophia-Antipolis addresses the upcoming security needs, focusing on increased automation of the security life cycle and on providing innovative solutions for the security challenges in networked businesses, including cloud, services and mobile.
WHAT YOU GET FROM US
Success is what you make it. At SAP, we help you make it your own.
A career at SAP can open many doors for you. If you’re searching for a company that’s dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment – apply now.
SAP'S DIVERSITY COMMITMENT
To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.
SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical, sensory and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please contact us at Careers.Germany@sap.com. Requests for reasonable accommodation will be considered on a case-by-case basis.
Successful candidates might be required to undergo a background verification with an external vendor.