Student / Summer Intern
Oracle | Australia-brisbane | Update time: May 20, 2021
Job Description

Topic: Extending taint inference for Java web applications (RASPunzel) 

Duration: 3 months (Nov '21 - Feb '22)

Abstract: 
Injection vulnerabilities are commonly found in web applications and, when exploited, can have disastrous consequences. Despite this, developers continue to introduce new injection vulnerabilities into their codebases. Taint inference is a lightweight dynamic analysis technique used to identify and track user-controlled data at sensitive points during application execution, ideally preventing injection attacks. These 'sensitive points' can vary widely based on the libraries, frameworks and design patterns used in an application.

Java web applications tend to use a wide assortment of third-party libraries and frameworks to manage information such as HTTP requests, serialisation, and database communication. The behaviour of these libraries can depend not only on the library chosen but also on the version in use, resulting in a massive number of different ways to achieve the same task. A robust taint inference analysis for Java must be aware of these variations and be able to recognise and process them accordingly. Additionally, the analysis must be functional on real-world applications, i.e. scalable to large, long-running web services and capable of recognising asynchronous request handling.

The expected outcomes of this internship are:

  •    The identification of critical third-party APIs that either provide user-controlled data to an application, or perform security-sensitive operations
  •    The identification of common coding patterns and APIs used to asynchronously process requests
  •    Extension of an existing taint inference analysis to be more generalised, using the identified APIs and coding patterns

You will be expected to:

  •    Be undertaking a Bachelor's or higher degree in software engineering or a related field, with excellent academic results
  •    Have strong problem-solving and software engineering skills
  •    Be proficient in the Java programming language
  •    Be able to work independently and collaboratively
  •    Be capable of learning new technologies and techniques on the job

Good to have:

  •    Experience working with Java agents and Java instrumentation
  •    Experience with Java bytecode manipulation frameworks (e.g. Byte Buddy, ASM, BCEL, Javassist)
  •    Experience working with source control management systems (e.g. Git, Mercurial, SCM)
  •    Experience with Java web application libraries and frameworks (e.g. Java Servlets, Jackson Databind, JDBC)

This job code is utilized for the majority of our temporary hires. The individual is performing hourly job duties as defined under the Fair Labor Standards Act.


