Research Intern: Exploring Auto-configuration in REST API Fuzzing
Oracle | Au-au, australia-brisbane | Update time: February 26, 2020
Job Description
Are you motivated to use your knowledge of Python to learn about the state of the art in security vulnerabilities? Are you interested in learning how to use fuzzers effectively?

If so, we have a 4-6 month, full-time internship tenable during June 2020 to May 2021 that will interest you.

One of the primary challenges of security testing and fuzzing is configuration. The general idea of this internship is to take the first step towards semi-automatically configuring an existing REST fuzzer with minimal manual effort. As an initial goal, we aim to understand the feasibility of automatic configuration, investigating which parts of a configuration can be fully automated and which parts can be redesigned to require minimal manual customization.

As part of this exploration, you will investigate how to leverage security researchers' insights (via manual feedback) and automatically enforce them. For this purpose, you will explore existing DSLs that are easy to understand and can incorporate new security rules. The separation of security-specific configurations and non-security-specific configurations will ensure that an average developer does not need to understand or update the security configurations.

The first step would be to investigate the existing insights provided by the security analysts to prioritise and categorise the vulnerabilities of interest, and represent them in a DSL. A related challenge is how to drive the fuzzer based on the evolving security-related configurations. Towards this, we would extend an existing REST fuzzer with a security-specific input generator based on the new rules in the configuration.

Duties
You will:
• Study the state of the art in security-related fuzzing of REST APIs;
• Explore different techniques to specify security and non-security specific configurations;
• Explore how to automate security researchers' insights;
• Meet with your supervisor daily for guidance and to discuss ways to solve the problem;
• Attend team meetings and give updates on your work;
• Present your findings and outcomes to the group.

Prerequisites:
• Currently enrolled in a PhD or research-based Masters degree in Computer Science or Software Engineering.
• Have excellent Python programming skills
• Have excellent software engineering skills
• Have strong understanding of REST architecture
• Understand OWASP top 10 vulnerabilities and CVEs
• Demonstrated ability to work independently and collaboratively
• Knowledge of testing web apps will be beneficial

Benefits:
• These positions are paid at current industry rates.
• Where appropriate, travel & visa costs associated with overseas applicants will be reimbursed.
• Ongoing learning is incorporated in all aspects of the project.

This job code is utilized for the majority of our temporary hires. The individual is performing hourly job duties as defined under the Fair Labor Standards Act.
