Build a security assessment tool

Internship

The internship will preferably take place in our French offices; remote work is possible if imposed by regulation. Compensation according to regulation.

Subject

At DecisionBrain, we develop and provide a software platform called DB Gene. This software platform is used internally to build software solutions for our customers, or is used directly by our customers when they want to build their own applications. The platform is a guide and a foundation for the software built on top of it. So at DecisionBrain we need to monitor the software quality of the platform from a security point of view to ensure we do not introduce vulnerabilities in our customers’ applications. We already have various tools that search for vulnerabilities at the different stages of the production of the platform. These tools generate reports in various formats. These reports have to be consolidated regularly into an assessment of the remaining vulnerabilities of the platform. The assessment is currently a human analysis of each remaining vulnerability.

What you will do

The objective of this internship is to build a tool to gather all the reports in a unified format and conduct a set of automatic analyses that will help the analyst to assess the vulnerabilities.
The tool needs to be extensible and able to easily handle new report formats or new automatic analyses.

What you will learn

During the internship, you will learn the security process we have put in place and an overview of each of the tools used to scan vulnerabilities.

The global architecture (Kubernetes deployments) and the design of the code for the extensible system will be explained and discussed.
You will learn how to rapidly set up a web application with Spring Boot.
You will have the opportunity to learn and understand the concepts behind vulnerability assessment.
You will have regular code reviews.

Skills Required

On the technical side, the following skills will be required. You are not expected to fully master all of them, but you should be proficient enough in at least part of them, so that acquiring the other skills is doable.

  • TypeScript / Angular development (a very small interface will be done in Angular).
  • Knowledge of REST API principles, and of exchange formats such as XML and JSON.
  • Java development (the back-end will be developed in Java).

Beyond technical skills, the candidate is expected to be autonomous and able to collaborate efficiently with other team members. Reasonable levels in spoken French and written English are mandatory.

Application