Internship Title
Automating DAST for Modern Web and API Security
Internship Location
Coimbra
Background
This internship project focuses on the application of Dynamic Application Security Testing (DAST) to automate the detection of security vulnerabilities in Intermedia web applications and APIs using Burp Suite, one of the most widely used tools in the security industry.
The intern will gain hands-on experience in configuring, executing, and interpreting DAST scans, with an emphasis on real-world vulnerability detection, automation, and secure development practices.
Objective
- Design and execute a methodology for dynamic scanning of web applications and APIs using Burp Suite
- Identify and validate actionable security vulnerabilities discovered during DAST scans
- Develop a proof-of-concept (PoC) for integrating Burp-based DAST scans within a CI/CD pipeline
- Evaluate the effectiveness and limitations of automated DAST in a modern software development lifecycle
- Produce scripts, automation artifacts, and documentation detailing the configuration and automation process for DAST scans
Work Plan - Semester 1
- Onboard with the Application Security team and understand the security processes in place
- Gather information about the Intermedia web applications and APIs in scope for DAST scanning
- Review Burp Suite documentation, including scan configuration options and available extensions
- Perform DAST scans on selected Intermedia web applications and APIs in a controlled test environment
- Validate scan results through manual testing and collaborate with the appropriate remediation teams
- Learn about common REST API vulnerabilities and configure Burp Suite to test Intermedia APIs using Swagger/OpenAPI definitions or captured API traffic
- Document methodologies, scan results, and any limitations or gaps identified during testing
Work Plan - Semester 2
- Review existing documentation and best practices for automating DAST scans with Burp Suite
- Test automated Burp scans on a designated test application to verify functionality and consistency
- Integrate Burp Suite scans into the CI/CD pipeline using scripting and/or Burp configuration files
- Document the end-to-end scripting and automation process, including prerequisites and known issues
- Deliver a final presentation and technical report showcasing the CI/CD-integrated DAST process and the key security findings discovered throughout the project
Conditions
- Monthly stipend of €900, based on a full-time commitment (40 hours per week)
- Hybrid work model: if the intern is required to work from the company office, this will be communicated.
- Hands-on integration with the Application Security team, working closely with security engineers and software engineers in a real-world development environment.
- Practical experience with real-world security data, focusing on the testing and analysis of web application and API vulnerabilities, with direct exposure to modern tools and workflows.
- A dedicated mentor will be assigned to support the intern’s development and success
Requirements
- Basic understanding of application-related vulnerabilities
- Familiarity with secure development practices and security testing tools (e.g., DAST)
- Self-driven and curious individuals, with a practical, problem-solving mindset
- Strong interest in application security testing
- Experience with programming (preferably in Python, JavaScript, or another language used for tooling)
- Final-year Master’s students in Informatics Security
Supervisor
Michela D’Errico
mderrico@intermedia.com