http://www.www2003.org/finalists.htm). Further, the
group devised the world’s first verification engine for web applications using
source code analysis, which again won Best Paper Finalist in WWW2004
(http://www.www2004.org/awards.htm). With leading and proven technology,
Armorize was founded to commercialize these advancements to fulfill today’s
unmet market needs in web security.
[The Market]
The global enterprise security market will grow from US$7.1 billion in 2002 to
over US$13.1 billion in 2006 (Business Insights, November 2004). However, more
than 90% of current solutions today are passive, hardware solutions which offer
protection only at the network level. Symantec Internet Threat Report in 2004
indicates that more than 70% of a company’s attacks came from the application
layer, not the network or system layer. More over, the same report stated that
8 of the top 10 attacks are associated with Web applications. The Card Systems
breach in June 17, 2005 (with 40 million credit card accounts lost) was one of
the few examples to vulnerabilities to web applications. All together, the NIST
(National Institute of Standards and Technology) and IDC estimate an annual loss
of over US$60 billion due to web insecurity.
With increased mission-critical transactions over website, increased high-
profile failures for web applications, and increased costs to traditional way of
internet security, Armorize sees strong market drivers and unmet market needs
for an automated source code analysis tool specially designed for web developers
and corporate CIOs. Currently, few companies are able to provide source code
verification technology to script languages. Armorize is the first to capture
this market and target to be the market share leader in this space.
[The Technology]
Traditional methods for web security focus primarily on network-level of attacks
rather than on the application source code itself. Therefore, most network-
level protection, such as firewalls and intrusion detection systems, are passive
defensive solutions that do not address the root cause of web vulnerabilities.
The Armorize solution is a new school of active defense to web attacks.
Armorize tools scans the source code of web applications and patches
vulnerabilities while the developer creates the website, making it secure from
the start. The patent-pending verification technology provides a fast, precise,
and accurate way to detect and fix web application vulnerabilities.
Before Armorize and its automated testing tools, the only alternative was to
have consultants conduct penetration testing or manual auditing against the
source code. Both methods have severe limitations which hinder full protection
for the corporate website. While suffering from a high false negative rate
(finding some but not all the vulnerabilities), penetration testing can only be
performed late in the software development life cycle, leading to higher costs
of remediation. Manual source code auditing, while addressing vulnerabilities
early in the software development life cycle, also suffers from false negatives
because it is difficult for the human mind to model all possible behavior
combinations of today’s complicated web application. Manual auditing is also
extremely expensive and time consuming.
With the Armorize verification tool, the developer can scan his or her own
source code while writing the program. The product provides immediate
remediation early in the development cycle, has few false negatives, and is
ready to integrate with a development team’s existing processes so that it can
be used routinely to ensure security of today’s ever-changing Web applications.
Unlike other source code scanners which suffer from high false positives
(reporting possible vulnerabilities that are not really there), Armorize’s
patented verification algorithms guarantee a very low false positive rate.
[The Team]
With an award-winning team of global security veterans and researchers, Armorize
is helping firms to efficiently protect against web attacks across financial,
telecom, e-commerce and government sectors. Armorize is expanding its current
development team in order to build stronger products and to serve enterprise
customers worldwide.
Armorize is looking for talents in the following positions:
A. Java Developer, bachelor degree or above, with 2+ years professional Java/OOP
GUI experience, team player, Design Patterns, JDBC, SWT, Swing and JFace skills
are necessary.
B. Senior Java Developer, BS degree in CS-related degree or above, with 5+ years
professional Java/OOP experience, team player, XML, UML, Design Patterns, Web
Services, and Testing skills are necessary, Sun Java certificate and demo will
be a plus.
C. Security Expert, bachelor degree or above, with 3+ years in the security
industry, familiar with penetration techniques and Web application
vulnerabilities.
Our R&D center is currently located in one of the best parts of the the Nankang
Software Park (http://www.softwarepark.com.tw/). For more information, please
send your resume and inquiries to [email protected] . We look forward for you
to join us!
Armorize Technologies, Inc.
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 61.229.17.99
矽谷在台投資軟體公司誠徵Java程式設計高手與security專家
[The Company]
Armorize Technologies Inc. is a software quality company focused on source code
analysis for web application security. Based on patented and award winning
software verification technologies from WWW2003 and WWW2004 Conferences,
Armorize provides an automated security assessment and assurance tool for
developers and CIOs to scan, detect, and patch web vulnerabilities from the
source code level, making web applications secure from the start.
Armorize was founded in 2005 with its headquarter in Santa Clara, CA, and its
R&D center in Taipei, Taiwan. Led by a group of security veterans and invested
by top angel investors in the Silicon Valley, the company encompasses
researchers from National Taiwan University, National Chiao-Tung University,
RWTH Aachen in Germany, and Stanford University. The group of researchers came
up with one of the world’s first penetration testing tools, which won Best
Paper Finalist in WWW2003 (