Vulnerability Discovery


SemesterSummer 2021
Course typeBlock Seminar
LecturerJun.-Prof. Dr. Wressnegger
AudienceInformatik Master & Bachelor
Credits4 ECTS

Remote Course

Due to the ongoing COVID-19 pandemic, this course is going to start off remotely, meaning, the kick-off meeting will happen online. The final colloquium, however, will hopefully be an in-person meeting again.

To receive all the necessary information, please subscribe to the mailing list here.


This seminar is concerned with the analysis and the discovery of vulnerabilities in software. Exploitable flaws in software are the foundation of attacks against entire systems and networks. Finding these hence is an important building block of proactive security.

The module introduces students to the large field of vulnerability discovery and teaches them to work up results from state-of-the-art research. To this end, the students will read up on a sub-field, prepare a seminar report, and present their work at the end of the term to their colleagues.

Topics include but are not limited to approaches for fuzzing software/devices, particular vulnerability classes, and static analysis for finding bugs.


Tue, 13. April, 11:30–13:00Primer on academic writing, assignment of topics
Thu, 22. AprilArrange appointment with assistant
Mo, 26. April - Fr, 30. AprilIndividual meetings with assistant
Wed, 16. JuneSubmit final paper
Wed, 30. JuneSubmit review for fellow students
Fri, 02. JulyEnd of discussion phase
Thu, 09. JulySubmit camera-ready version of your paper
Fr, 23. JulyPresentation at final colloquium

Mailing List

News about the seminar, potential updates to the schedule, and additional material are distributed using a separate mailing list. Moreover, the list enables students to discuss topics of the seminar.

You can subscribe here.


Every student may choose one of the following topics. For each of these, we additionally provide a recent top-tier publication that you should use as a starting point for your own research. For the seminar and your final report, you should not merely summarize that paper, but try to go beyond and arrive at your own conclusions.

Moreover, most of these papers come with open-source implementations. Play around with these and include the lessons learned in your report.

  • Finding Vulnerabilities in Smart Contracts

    - SMARTEST: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic Execution, USENIX Security 2021
    - VeriSmart: A Highly Precise Safety Verifier for Ethereum Smart Contracts, IEEE S&P 2020

  • Finding Vulnerabilities in Android Apps

    - Witness: Detecting Vulnerabilities in Android Apps Extensively and Verifiably, USENIX Security 2019
    - Time-Travel Testing of Android Apps, ICSE 2020

  • Finding Vulnerabilities on the Web

    - Black Widow: Blackbox Data-driven Web Scanning, IEEE S&P 2021
    - PMForce: Systematically Analyzing PostMessage Handlers at Scale, CCS 2020
    - FreeDom: Engineering a State-of-the-Art DOM Fuzzer, CCS 2020

  • Fuzzing Databases

    - Squirrel: Testing Database Management Systems with Language Validity and Coverage Feedback, CCS 2020
    - Testing Database Engines via Pivoted Query Synthesis, USENIX OSDI 2020

  • Fuzzing Network Protocols

    - AFLNet: A Greybox Fuzzer for Network Protocol, ICST 2020
    - Protocol State Fuzzing of TLS Implementations, USENIX Security 2015

  • Vulnerabilities in WebAssembly

    - Everything Old is New Again: Binary Security of WebAssembly, USENIX Security 2020
    - Wasabi: A Framework for Dynamically Analyzing WebAssembly, ASPLOS 2019

  • From Side-Channels to Vulnerabilities

    - PLATYPUS: With Great Power comes Great Leakage, IEEE S&P 2021
    - Spectre Attacks: Exploiting Speculative Execution, IEEE S&P 2019

  • Compiler-assisted Vulnerability Discovery

    - Symbolic execution with SYMCC: Don’t interpret, compile!, USENIX Security 2020
    - SymQEMU: Compilation-based symbolic execution for binaries, NDSS 2021