We are hiring!
Seeking one highly motivated Research Fellow (2 years) with some experience in fuzzing / vulnerability discovery.
Want to apply? Send your CV, transcripts, and your reasons why you would like to work on automated vulnerability discovery to .
Discovering vulnerabilities in web applications before an attacker does can save companies
millions of dollars. According to a 2018 study "[..] the total average cost of web
application attacks in APAC over the past 12 months was $2.4 million per company, while
the total average cost of DoS attacks was $1.1 million. [..] Web application attacks
are a constant threat for companies. 43 percent of respondents said that web application
security is more critical than other security issues faced by their organizations."
Most critically, a vulnerability in a web application can be exploited remotely over the
network from anywhere in the world.
This project aims to develop stateful fuzzing techniques that can discover
vulnerabilities that could otherwise be used for remote arbitrary execution attacks. In this
project, we are planning to first tackle the challenges of statefulness and protocol
inference before we address the (greybox) problem where only the compiled x86 program
binary of the protocol implementation or web application is available.
You can find more information here:
https://fuzzinfer.github.io (Updated: 2019-09-06 14:05)
Abhik Roychoudhury is a Professor of Computer Science at National University of Singapore.
His research focuses on software testing and analysis, trustworthy software construction
and software security. He is currently leading the Singapore Cyber-security Consortium. He has
served as an Associate Editor of IEEE Transactions on Software Engineering (TSE) during
2014-18, and is serving as an Associate Editor of IEEE Transactions on Dependable and Secure
Computing (TDSC) during 2019-21. Abhik received his Ph.D. in Computer Science from the State University of
New York at Stony Brook in 2000.
Marcel Böhme is a 2019 ARC DECRA Fellow and Lecturer (Asst Prof) at Monash University, Australia. He was a research fellow at CISPA,
Saarland University, Germany from 2014 to 2015 and completed his PhD at National University of Singapore in
2014. Marcel’s research is focussed on automated vulnerability discovery, analysis, testing,
debugging, and repair of large software systems. His tools discovered 100+ bugs in widely-used
software systems, more than 60 of which are security-critical vulnerabilities registered as
CVEs at the US National Vulnerability Database.
Van-Thuan Pham is a postdoctoral research fellow at Monash University, Australia. During
his PhD studies at NUS, under the supervision of Prof Abhik Roychoudhury, he conducted research
on fuzz testing techniques (including black-box, coverage-based grey-box and symbolic-execution-based
white-box fuzzing) and applied these techniques to vulnerability detection, crash
reproduction and debugging.
Zhen Dong completed his PhD in computer science from Heidelberg University in 2017, advised
by Prof. Artur Andrzejak. After his PhD he joined the team of Prof. Abhik Roychoudhury at
National University of Singapore as a postdoctoral researcher. His research is focused on testing,
vulnerability detection, and repair of software systems.
We have an opening for a Research Fellow position at Monash University, Australia for two years.
The Research Fellow would conduct this research within our Monash fuzzing team in
collaboration with the team of Abhik Roychoudhury at the National University of Singapore.
The applicant should have
- Strong background in system building, software testing, and bug finding
- Some success in CTFs, hackathons, or bug bounty programs
- Some background in binary analysis, reverse engineering, fuzzing
- Background in statistics, research, and experimentation desirable