
Enterprise Application Protection: How to Become a PT Application Firewall Developer

For two consecutive years, the Positive Hack Days international forum has hosted the WAF Bypass contest, in which participants try to bypass the PT Application Firewall. We published analyses of the contest tasks on our blog (2014 and 2015).
Over the year, the popularity of the competition has grown significantly: this spring, 302 people registered to participate (101 a year earlier), and they sent 271,390 requests during the competition (twice as many as in the previous year).
At the same time, many competitors and PHDays guests were interested not only in the competition and its tasks, but also in the firewall that had to be bypassed. So we decided to say a little more about this tool and to invite Habr users who are interested in WAFs to take part not only in the competition but also in the product's development.
A bit of history
Our company has been dealing with cyber threats for 13 years, during which time we have developed a number of software solutions that now provide security for more than 1000 companies in 30 countries.
One such project is the Positive Technologies Application Firewall (PT AF), an intelligent firewall that helps protect web portals, ERP systems, and mobile applications. The product has already proved itself in "combat" conditions: for example, it protected the websites of the VGTRK media holding during the 2014 Winter Olympics. And the international analyst firm Gartner, having studied our firewall, named Positive Technologies a "Visionary" in its study "Magic Quadrant for Application Firewalls 2015".
We want to make the product even better, and for this we need dedicated people.
Technical details
The product is developed and delivered as a Hardware Appliance or a Virtual Appliance (with Reverse Proxy, Mirrored SPAN, and Forensics operating modes), so all parts of the system must complement each other. The solution is "tailored" to work with highly loaded systems (10 Gbps traffic). Clustering with horizontal scaling is available to increase performance.

Considering PT AF as a multicomponent system, several development areas can be distinguished:
- Product build and installation system;
- User interface frontend;
- User interface backend;
- The core of the product: traffic analysis logic;
- Network infrastructure: logic for receiving and parsing traffic;
- Machine learning: heuristic algorithms for evaluating user behavior and submitted data.
For further development of the system, we are looking for C++ developers, Python/JS developers, and testers. Here are the tasks they (that is, you) will have to deal with.
C++ Developers
- Implementation of machine learning algorithms for detecting anomalies in transmitted traffic and in user behavior, bot detection, and DDoS detection.
- Using GPUs to accelerate mathematical calculations with CUDA and OpenCL (used in the machine learning algorithms). Study of Xeon Phi is expected.
- Redesigning the architecture of the product core so that it can be embedded in any proxy web server, such as nginx, Apache, lighttpd, or IIS.
- Integration of an SSL acceleration device into the PT AF appliance.
- Analysis of database traffic: protocol analysis, identification of anomalies in traffic, and user access control.
- Switching to faster libraries and drivers for receiving data from network cards, such as Netmap and SPDK.
- Implementation of traffic load balancing.
Python/JS Developers
- Design and implementation of the PT AF SaaS architecture.
- Implementing separation of user rights to manage security policies across a large number of installed product instances (multitenancy).
- Work on the REST API, the PT AF management tool used both by its own UI and for integration with other external systems.
- Development of orchestration and provisioning systems that create enough product instances to serve user traffic.
- CLI: a console product management interface based on the REST API.
- Development and support of the new frontend version of the UI, built mainly with AngularJS and Node.js.
- Development of the product update system. Integration with our own license management server. Providing technical support with access to the PT AF server. Collecting statistical information from PT AF on a data collection server.
- Refinement of the reporting system: generation of reports on incidents, system status, and workload, and standardization of user reports.
Quality Engineers
- Manual and automated testing of all of the above;
- Checking the L7 protection provided by the WAF against all types of attacks;
- Support for the load testing farm and its implementation (tens of thousands of HTTP RPS);
- Analysis of complex functionality and development of approaches to its testing.
What we offer
The project team is still small, which means that each of its members can make key decisions. Among other things, working at Positive Technologies means:
- Employment in accordance with the Labor Code of the Russian Federation;
- 6 weeks paid vacation;
- Voluntary health insurance (VHI), including dental care;
- Ability to choose the start time of the working day;
- Office 30 steps from the metro station Preobrazhenskaya Square (Moscow);
- The opportunity to attend specialized international and Russian conferences;
- No dress code and respect for the values of each employee.
Send a description of yourself and the projects you have taken part in, as plain text in the body of the message, to career@ptsecurity.com.