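Work Like Kevin Mitnick
Kevin Mitnick (Kevin David Mitnick) was born in Los Angeles, USA, in 1964.
At 15 he successfully broke into the North American Air Defense Command system, and at 16 he was arrested, which made him the world's first juvenile cyber offender.
He cracked the Pacific Telephone company's passwords and altered the telephone numbers of more than ten thousand American households; he was traced by a computer information tracking machine and arrested for the first time. After his release he altered the financial bills of a number of companies, which led to his being arrested again and jailed for one year.
Mitnick did not stop after he was freed, however. He later broke into the computers of Nokia, Motorola, Sun Microsystems, Fujitsu and other companies and stole important corporate data; by the FBI's count, the losses he caused these companies reached 400 million US dollars.
In 1994, Mitnick intruded into and attacked the San Diego Supercomputer Center and toyed with Tsutomu Shimomura, a Japanese-American computer security expert who worked there, stealing files from his computer and also using session hijacking to steal his website's traffic. Shimomura later used honeypot techniques, setting up a "honeypot" to lure Mitnick into the trap, and tracked him with "electronic stealth" techniques; as a result, Mitnick was arrested again in 1995.
This was a stirring war, and the protagonists of this war are the people we call "hackers".
"Roam the Pentagon, log in to the Kremlin, move in and out of every computer system in the world, bring down the global financial order and rebuild a new world order. No one can stop our attack; we are the true masters of the world."
In the hacker world, every group has its own spirit and culture, but they share one thing: a reverence for technology and a constant pursuit of innovation.
Do you have this kind of technology worship? Have you ever dreamed of living like a hacker?
Today, we are offering you a chance to work the way a hacker does. Active's security team is about to be established in China. Members of this team will have the opportunity to work with the smartest people in the world, designing the most ingenious and refined attacks against Active's software products. Facing the increasingly severe Internet security situation confronting Active, you will cut off every malicious hand reaching toward us before it crosses into our territory. Leaving programmers dumbfounded by the security reports you produce, and leading development teams to defeat the most stubborn network crackers: that is what your job consists of! We call this position Web Security Engineer.
This is a team that needs passion and creativity. If you have enough confidence, you do not have to meet every item in the job description.
Send me an e-mail and see what kind of future you will win!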
joey.yin@activenetwork.com
Position: Web Application Security Engineer
As a member of the web security team, the candidate will design and implement security-related capabilities.
Tasks and Responsibilities:
- Work with product team, providing training and assistance to ensure applications are in line with security controls.
- Provide guidance to product development team regarding secure web application development best practices.
- Review software requirements specifications for products and ensure security requirements are suitably defined.
- Run periodic vulnerability assessments, perform vulnerability scans and code reviews for our products.
- Improve test plan practice/template to include security requirement measurement so that security best practices are met and implemented in applications.
- Implement secure code reviews and static code analysis to identify the vulnerabilities.
- Contribute to defining policies, standards, procedures for applications, and software development procedures.
- Other responsibilities and key result areas as required or assigned.
Requirements:
- 3+ years of experience in web application security/development area.
- Thorough understanding of and ability to explain and demonstrate common web application vulnerabilities, e.g. broken access control, cross-site scripting, injection flaws, etc.
- Experienced with programming languages commonly used in application development, with the ability to review code for Java. Areas such as SQL, Web Service, XML, Flex, and AS3 would also be useful.
- Solid HTTP protocol and client side programming knowledge including HTML, CSS, JavaScript, etc.
- Experience with web application vulnerability testing.
- Familiarity with Java security, J2SE, JAAS is a plus.
- Familiarity with Flex, AS3 is a plus.
- Excellent English verbal and written communication skills. Strong preference is given to candidates who are experienced speakers or who have industry experience leading application security teams.
posted on 2009-02-23 16:51 Activenetwork