The discovery of vulnerabilities in web applications before an attacker does can save companies millions of dollars. According to a 2018 study "[..] the total average cost of web application attacks in APAC over the past 12 months was $2.4 million per company, while the total average cost of DoS attacks was $1.1 million. [..] Web application attacks are a constant threat for companies. 43 percent of respondents said that web application security is more critical than other security issues faced by their organizations." Most critically, a vulnerability in a web application can be exploited remotely over the network from anywhere in the world.
This project aims to develop stateful fuzzing techniques that can discover vulnerabilities that could otherwise be used for remote arbitrary execution attacks. In this project, we are planning to first tackle the challenges of statefulness and protocol inference before we address the (greybox) problem where only the compiled x86 program binary of the protocol implementation or web application is available.The applicant should have
The Research Fellow would conduct this research within our Monash fuzzing team in collaboration with the team of Abhik Roychoudhury at the National University of Singapore.
The PhD student will work on the development of highly efficient techniques for automated vulnerability detection in large software projects. The PhD student will investigate scalable fuzzing techniques, publish in premier venues for software engineering and cyber security, and develop practical test generation tools that can detect real-world vulnerabilities in existing widely-used, security-critical C libraries. We will explore deep integrations of heavy-weight, systematic, whitebox fuzzing techniques and light-weight, random, greybox fuzzing techniques. We will also study the efficient fuzzing of stateful, protocol-based applications as well as gui-based (Android) apps.The applicant should have
The PhD student is fully funded throughout her or his candidature. For international students, Faculty will also cover the tuition fees and a Overseas Student Health Cover (OSHC). The Faculty of IT will support attendance at conferences.Marcel Böhme < · https://www.comp.nus.edu.sg/~mboehme · Updated: 2019-09-06 14:05