Protection of corporate applications: how to become a developer of PT Application Firewall

Two years in a row, during the international forum Positive Hack Days, the WAF Bypass competition was held to bypass the PT Application Firewall firewall . We published a blog analysis of the tasks of this competition ( 2014 and 2015 ).

Over the year, the popularity of the competition has grown significantly: this spring, 302 people registered to participate (a year earlier - 101), who during the competition sent 271,390 requests (twice as many as in the previous year).
')
At the same time, many competitors and guests of PHDays were interested not only in the competition itself and its tasks, but also in the screen that had to be bypassed. Therefore, we decided to tell a little more about this tool and invite those habrayusers who are interested in the topic of WAF not only in the framework of competitions to participate in its development.

A bit of history

Our company has been engaged in the fight against cyber threats for 13 years, during this time we have developed a number of software solutions that now provide security for more than 1000 companies in 30 countries.

One of these projects is the Positive Technologies Application Firewall (PT AF) intelligent firewall - it helps protect web portals, ERP systems and mobile applications. The product has already shown itself well in “combat” conditions: for example, when defending the websites of the VGTRK media holding during the 2014 Winter Olympics . And the international analytical company Gartner, after examining our protective screen, called the company Positive Technologies "Visionary" in its study " Magic Quadrant for Application Firewalls 2015 ".

We want to make the product even better, and for this we need enthusiastic people.

Technical details

The product is developed and supplied as a Hardware Appliance or Virtual Appliance (with Reverse Proxy, Mirrored SPAN, and Forensics operation modes) - so all parts of the system must complement each other. The solution is “sharpened” to work with highly loaded systems (10 Gbps traffic). The possibility of cluster installation with a horizontal scaling for increased performance.



Considering PT AF as a multi-component system, there are several areas of development:

• System assembly and installation of the product;
• User Interface. Frontend;
• User Interface. Backend;
• The core of the product. Traffic analysis logic;
• Network infrastructure The logic of receiving and parsing traffic;
• Machine learning. Heuristic algorithms for evaluating user behavior and data sent.

For further development of the system, we are looking for C ++ developers, Python / JS developers and testers. And these are the tasks that they (that is, you) will have to do.

C ++ developers

• The implementation of machine learning algorithms for the selection of anomalies in the transmitted traffic, anomalies of user behavior, bot detection, DDoS detection.
• Using the GPU to accelerate mathematical calculations, CUDA, OpenCL technology (used in machine learning algorithms). A study is expected Xeon Phi.
• Redesigning the core architecture of the product in order to be able to be embedded in any Proxy web servers, such as nginx, apache, lighttpd, IIS.
• Integration of the SSL acceleration device in the PT AF appliance.
• Analysis of traffic to databases, analysis of protocols, detection of anomalies in traffic, the delimitation of user access.
• Transition to faster libraries / drivers for receiving data from network cards, such as Netmap, SPDK.
• The introduction of technology Load balancing traffic.

Python / JS developers

• Elaboration and implementation of the SaaS-architecture PT AF.
• Realization of the possibility of differentiation of user authority to manage security policies for a large number of installed copies of the product (multitenance).
• Work on the REST API, a PT AF management tool that is used for both its own UI and for integration with any other external systems.
• The development of Orchestration and Provisioning systems that allow you to create enough copies of the product to serve user traffic.
• CLI is a console based product management interface based on a REST API.
• Development and support of the new version of Frontend for UI. Language mainly AngularJS, Node.JS.
• The development of a product update system. Integration with your own license management server. Providing access for technical support to a PT AF server. Collection of statistical information from PT AF to the data collection server.
• Refinement of the reporting system - generating reports on incidents, system status, load, standardization of user reports.

Quality engineers

• Manual and automated testing of all of the above;
• Check the protection of L7 through WAF against all types of attacks;
• Support load testing farm and its implementation (tens of thousands of HTTP RPS);
• Analysis of complex functionality and development of approaches to its testing.

What do we offer

The project team is still small, which means that each of its members can make key decisions. Among other things, working at Positive Technologies is:

• Registration according to the Labor Code of the Russian Federation;
• 6 weeks paid vacation;
• LCA, including dentistry;
• The ability to choose the start time of the working day;
• Office 30 steps from the metro station Preobrazhenskaya Square (Moscow);
• The opportunity to attend specialized international and Russian conferences;
• Lack of a dress code and respect for the values ​​of each employee.

Send a story about yourself and projects that you have been able to participate in, send it in text format in the body of the email to career@ptsecurity.com .