Web application penetration testing, including APIs: the intern will get access to the APIs that are used by integrators and applications. With the help of the API documentation, the intern will perform penetration tests and raise any issues found with the API team.
Application code analysis (back- and frontend): the intern will review the application code and look for potential security-related issues. The intern will document these issues or concerns, assess the risk, propose mitigations and share the findings with the application developers. At the end, the intern will implement the actual fix, issue a pull request, and get it reviewed by developers.
Hardening Linux servers: the intern will assess the configuration of the Linux operating system used on webservers. The intern will propose hardening options, evaluate the ideas with the DevOps team, and set up a proof of concept to test functionality and security.
Knowledge and/or experience with threat analysis and penetration testing methodologies and tooling
Knowledge of at least one programming language, web application technologies and frameworks
Knowledge of security issues affecting Internet-facing applications
Knowledge of cloud application structure
Knowledge of UNIX/Linux environments
Excellent written and oral communication skills in English
Fluency in Dutch
Membership/participation in one or more security communities such as OWASP