Vulnerability Discovery


SemesterSummer 2020
Course typeBlock Seminar
LecturerJun.-Prof. Dr. Wressnegger
AudienceInformatik Master & Bachelor
Credits4 ECTS
Room148, Building 50.34 Online
LanguageEnglish or German

Remote Course

Due to the COVID-19 outbreak, this course is going to start off remotely, meaning, the kick-off meeting will happen online. The final colloquium, however, will hopefully be an in-person meeting again.

To receive all the necessary information, please subscribe to the mailing list here.


This seminar is concerned with the analysis and the discovery of vulnerabilities in software. Exploitable flaws in software are the foundation of attacks against entire systems and networks. Finding these hence is an important building block of proactive security.

The module introduces students to the large field of vulnerability discovery and teaches them to work up results from state-of-the-art research. To this end, the students will read up on a sub-field, prepare a seminar report, and present their work at the end of the term to their colleagues.

Topics include but are not limited to approaches for fuzzing software/devices, particular vulnerability classes, and static analysis for finding bugs.


Tue, 21. April, 11:30–13:00Primer on academic writing, assignment of topics
Tue, 05. MayArrange appointment with assistant
Mo, 11. May - Fr, 15. MayIndividual meetings with assistant
Tue, 09. JuneSubmit final paper
Tue, 30. JuneSubmit review for fellow students
Thu, 09. JulySubmit camera-ready version of your paper
Fr, 17. JulyPresentation at final colloquium

Mailing List

News about the seminar, potential updates to the schedule, and additional material are distributed using a separate mailing list. Moreover, the list enables students to discuss topics of the seminar.

You can subscribe here.


Every student may choose one of the following topics. For each of these, we additionally provide a recent top-tier publication that you should use as a starting point for your own research. For the seminar and your final report, you should not merely summarize that paper, but try to go beyond and arrive at your own conclusions.

Moreover, all of these papers come with open-source implementations. Play around with these and include the lessons learned in your report.

  • Sanitizer and Fuzzing

    ParmeSan: Sanitizer-guided Greybox Fuzzing, USENIX Security 2020

  • Expert-Guided Fuzzing

    IJON: Exploring Deep State Spaces via Fuzzing, IEEE S&P 2020

  • Fuzzing Firmware

    HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation, USENIX Security 2020

  • Fuzzing Mitigation

    ANTIFUZZ: Impeding Fuzzing Audits of Binary Executables, USENIX Security 2019

  • Bug Synthesis

    LAVA: Large-scale Automated Vulnerability Addition, IEEE S&P 2016

  • Machine Learning based Fuzzing

    NEUZZ: Efficient Fuzzing with Neural Program Smoothing, IEEE S&P 2019

  • Pattern-based Vulnerability Discovery

    Automatic Inference of Search Patternsfor Taint-Style Vulnerabilities, IEEE S&P 2015

  • Backdoors in Machine Learning

    Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks, IEEE S&P 2019


The schedule of the final colloquium can be found here.