I'm sorry for my soliciting, but I think this is a good opportunity for
someone who is interested in using static/dynamic analyses to find
security vulnerabilities in software.
Our group at HP Fortify develops and researches techniques to perform
security testing, namely, finding security vulnerabilities in programs.
Our static analysis product supports most major high-level languages,
including C/C++, Java, Python, JavaScript and so on; the dynamic
analyzer supports Java and .NET platforms. Typical analyses include
taint, buffer overflow, control flow, etc.
For summer interns, possible projects include improving a taint analyzer
or other analyses for web applications, implementing prototype or
proof-of-concept techniques in static, dynamic, or symbolic analyses of
vulnerabilities, or possible binary/LLVM program vulnerability analyses
etc.; if you have new ideas and techniques to find vulnerabilities and
want to implement them in production, you're welcome to exploit them
here too.
The major languages we use are Java and C/C++, but if you can justify
that your language choice can support your fast prototype development,
you're welcome to give us a shot.
If you're interested in program analyses and security, please send your
resume to me. We're having interviews now.
Thanks very much.
Lu
- Petey
If you're willing to pay, they're willing to let you use their tools.
So if you mean that you want to take a look at their tools because you are
curious as a researcher, probably not. Unless you sign an NDA, you are
potential future competition. And even if you do sign an NDA, you are
potential future competition.
This sounds like an interesting opportunity for anyone who has the summer
free. You'll get to see some of their tools this way, because as an
intern, you are a potential future hire.
Chris