SAP Internship: Fingerprinting attackers- M/F Job in Mougins, France

Requisition ID: 201171

Work Area: Software-Research

Expected Travel: 0 - 10%

Career Status: Student

Employment Type: Limited Full Time


SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That’s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.

SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.

SAP’s security vision is built on 5 ideals to secure business: Defendable Application, Zero-Knowledge, Zero-Vulnerability, Security by Default, and Transparency.

SAP’s security research group lays the foundation for realising the vision: The 30 researchers of the Security Research unit focus on security engineering (e.g., the automation of the secure software development lifecycle), secure business execution (e.g., business process security and security in cloud based business applications) and secure operations (e.g., secure maintenance and support of complex and heterogeneous cloud IT landscapes).

Security Research proposes a 6-month internship in its Sophia-Antipolis offices (Mougins, France).


This internship is based in the SAP Labs France Research Lab, in Sophia-Antipolis. The work will be performed in the context of the Research Program “Security & Trust”, under the “Defendable Application” topic. This topic aims at protecting applications by directly reacting to attackers performing active information gathering, as well as attackers who already found a way in (for example thanks to a successful credential theft through a phishing email)

SAP has developed an approach consisting in detecting malicious activity thanks to a set of deployed or virtual honeytokens, followed by a diversion phase where the attacker is re-routed to a honeypot.

However, attackers do not rely on a single tool or browser session to perform their activities. They will likely use several tools based on their need, including web browser, interception proxy, nmap scripts, force browsing scripts, custom scripts etc.

They might further work alone, in a team, and/or delegate some of the tasks to a botnet.

This fact poses a problem when it comes to diverting identified attacks to a honeypot while keeping the real system available for legitimate users: an attacker might realize that the responses provided by different tools are inconsistent, tipping her off the presence of the honeypot, ultimately letting her understand how to circumvent the honeytokens.

Naïve detection, such as relying on the source IP address or on the user-agent, can be a start, but such an approach is far from offering an adequate protection. The goal of this internship is as such to devise advanced fingerprinting approaches capturing attacks across tools and attacking machines, and to implement a prototype demonstrating the feasibility of the approach.

We expect that 70% of time will be dedicated to research activities and 30% to development.


  • University Level: Last year of MSc in Computer Science or beyond

  • Experience or knowledge of attacker methods from a technical level

  • Attack kill-chain, penetration testing, botnets

  • Fluency in English (working language)

  • Abilities in organizing meeting and contacting people

  • Good oral and written communication skills

  • Capacity to write documents in English, ability to synthesize



Over the past 45 years, SAP has grown to become the world's leading provider of business software solutions. With 12 million users, 96,400 installations, and more than 1,500 partners, SAP is the world's largest inter-enterprise software company and the world's third-largest independent software supplier, overall. SAP solutions help enterprises of all sizes around the world to improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations. SAP group includes subsidiaries in over 180 countries and employs more than 84 000 people.

Security Research at SAP Labs France, Sophia Antipolis

Based at SAP Labs France Mougins, Security Research Sophia-Antipolis addresses the upcoming security needs, focusing on increased automation of the security life cycle and on providing innovative solutions for the security challenges in networked businesses, including cloud, services and mobile.


Please send in English your CV, a cover letter and any relevant documents in English


Success is what you make it. At SAP, we help you make it your own. A career at SAP can open many doors for you. If you’re searching for a company that’s dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment – apply now .


To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.

SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: or , APJ: , EMEA: ).

Successful candidates might be required to undergo a background verification with an external vendor.

Additional Locations :