Vulnerability Discovery


SemesterSummer 2022
Course typeBlock Seminar
LecturerJun.-Prof. Dr. Wressnegger
AudienceInformatik Master & Bachelor
Credits4 ECTS
Room148 (50.34)


This seminar is concerned with the analysis and the discovery of vulnerabilities in software. Exploitable flaws in software are the foundation of attacks against entire systems and networks. Finding these hence is an important building block of proactive security.

The module introduces students to the large field of vulnerability discovery and teaches them to work up results from state-of-the-art research. To this end, the students will read up on a sub-field, prepare a seminar report, and present their work at the end of the term to their colleagues.

Topics include but are not limited to approaches for fuzzing software/devices, particular vulnerability classes, and static analysis for finding bugs.


Tue, 19. April, 11:30–13:00Primer on academic writing, assignment of topics
Thu, 28. AprilArrange appointments with assistant
Mon, 02. May - Fri, 06. May1st individual meeting (First overview, ToC)
Mon, 13. June - Fri, 17. June2nd individual meeting (Feedback on first draft of the report)
Wed, 29. JuneSubmit final paper
Mon, 11. JulySubmit review for fellow students
Fri, 15. JulyEnd of discussion phase
Fri, 22. JulySubmit camera-ready version of your paper
Mon, 1. AugustPresentation at final colloquium

Mailing List

News about the seminar, potential updates to the schedule, and additional material are distributed using a separate mailing list. Moreover, the list enables students to discuss topics of the seminar.

You can subscribe here.


Every student may choose one of the following topics. For each of these, we additionally provide a recent top-tier publication that you should use as a starting point for your own research. For the seminar and your final report, you should not merely summarize that paper, but try to go beyond and arrive at your own conclusions.

Moreover, most of these papers come with open-source implementations. Play around with these and include the lessons learned in your report.

  • Directed Fuzzing

    - Regression Greybox Fuzzing, CCS 2021
    - Directed Greybox Fuzzing, CCS 2017

  • Bug Synthesis

    - Evaluating Synthetic Bugs, ASIA CCS 2021
    - LAVA: Large-Scale Automated Vulnerability Addition, IEEE S&P 2016

  • Fuzzing Firmware, IoT, and Embedded Devices

    - Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing, USENIX Security 2022
    - Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference, CCS 2021

  • Fuzzing Network Protocols

    - AFLNet: A Greybox Fuzzer for Network Protocols, ICST 2021
    - Nyx-Net: Network Fuzzing with Incremental Snapshots, CoRR 2021

  • Debloating Software

    - LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks, USENIX Security 2021
    - Debloating Software through Piece-Wise Compilation and Loading, USENIX Security 2018

  • Microarchitecture Attacks

    - Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks, USENIX Security 2022
    - RIDL: Rogue In-Flight Data Load, IEEE S&P 2019

  • Finding XSS Bugs

    - Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting, NDSS 2018
    - 25 Million Flows Later - Large-scale Detection of DOM-based XSS, CCS 2013

  • Finding Vulnerabilities in Smart Contracts

    - SMARTEST: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic Execution, USENIX Security 2021
    - VeriSmart: A Highly Precise Safety Verifier for Ethereum Smart Contracts, IEEE S&P 2020