矽谷在台投資軟體公司誠徵Java程式設計高手與security專家 [The Company] Armorize Technologies Inc. is a software quality company focused on source code analysis for web application security. Based on patented and award winning software verification technologies from WWW2003 and WWW2004 Conferences, Armorize provides an automated security assessment and assurance tool for developers and CIOs to scan, detect, and patch web vulnerabilities from the source code level, making web applications secure from the start. Armorize was founded in 2005 with its headquarter in Santa Clara, CA, and its R&D center in Taipei, Taiwan. Led by a group of security veterans and invested by top angel investors in the Silicon Valley, the company encompasses researchers from National Taiwan University, National Chiao-Tung University, RWTH Aachen in Germany, and Stanford University. The group of researchers came up with one of the world’s first penetration testing tools, which won Best Paper Finalist in WWW2003 (http://www.www2003.org/finalists.htm). Further, the group devised the world’s first verification engine for web applications using source code analysis, which again won Best Paper Finalist in WWW2004 (http://www.www2004.org/awards.htm). With leading and proven technology, Armorize was founded to commercialize these advancements to fulfill today’s unmet market needs in web security. [The Market] The global enterprise security market will grow from US$7.1 billion in 2002 to over US$13.1 billion in 2006 (Business Insights, November 2004). However, more than 90% of current solutions today are passive, hardware solutions which offer protection only at the network level. Symantec Internet Threat Report in 2004 indicates that more than 70% of a company’s attacks came from the application layer, not the network or system layer. More over, the same report stated that 8 of the top 10 attacks are associated with Web applications. The Card Systems breach in June 17, 2005 (with 40 million credit card accounts lost) was one of the few examples to vulnerabilities to web applications. All together, the NIST (National Institute of Standards and Technology) and IDC estimate an annual loss of over US$60 billion due to web insecurity. With increased mission-critical transactions over website, increased high- profile failures for web applications, and increased costs to traditional way of internet security, Armorize sees strong market drivers and unmet market needs for an automated source code analysis tool specially designed for web developers and corporate CIOs. Currently, few companies are able to provide source code verification technology to script languages. Armorize is the first to capture this market and target to be the market share leader in this space. [The Technology] Traditional methods for web security focus primarily on network-level of attacks rather than on the application source code itself. Therefore, most network- level protection, such as firewalls and intrusion detection systems, are passive defensive solutions that do not address the root cause of web vulnerabilities. The Armorize solution is a new school of active defense to web attacks. Armorize tools scans the source code of web applications and patches vulnerabilities while the developer creates the website, making it secure from the start. The patent-pending verification technology provides a fast, precise, and accurate way to detect and fix web application vulnerabilities. Before Armorize and its automated testing tools, the only alternative was to have consultants conduct penetration testing or manual auditing against the source code. Both methods have severe limitations which hinder full protection for the corporate website. While suffering from a high false negative rate (finding some but not all the vulnerabilities), penetration testing can only be performed late in the software development life cycle, leading to higher costs of remediation. Manual source code auditing, while addressing vulnerabilities early in the software development life cycle, also suffers from false negatives because it is difficult for the human mind to model all possible behavior combinations of today’s complicated web application. Manual auditing is also extremely expensive and time consuming. With the Armorize verification tool, the developer can scan his or her own source code while writing the program. The product provides immediate remediation early in the development cycle, has few false negatives, and is ready to integrate with a development team’s existing processes so that it can be used routinely to ensure security of today’s ever-changing Web applications. Unlike other source code scanners which suffer from high false positives (reporting possible vulnerabilities that are not really there), Armorize’s patented verification algorithms guarantee a very low false positive rate. [The Team] With an award-winning team of global security veterans and researchers, Armorize is helping firms to efficiently protect against web attacks across financial, telecom, e-commerce and government sectors. Armorize is expanding its current development team in order to build stronger products and to serve enterprise customers worldwide. Armorize is looking for talents in the following positions: A. Java Developer, bachelor degree or above, with 2+ years professional Java/OOP GUI experience, team player, Design Patterns, JDBC, SWT, Swing and JFace skills are necessary. B. Senior Java Developer, BS degree in CS-related degree or above, with 5+ years professional Java/OOP experience, team player, XML, UML, Design Patterns, Web Services, and Testing skills are necessary, Sun Java certificate and demo will be a plus. C. Security Expert, bachelor degree or above, with 3+ years in the security industry, familiar with penetration techniques and Web application vulnerabilities. Our R&D center is currently located in one of the best parts of the the Nankang Software Park (http://www.softwarepark.com.tw/). For more information, please send your resume and inquiries to [email protected] . We look forward for you to join us! Armorize Technologies, Inc. -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 61.229.17.99