Chair of Programming Languages and AI
print
Breadcrumb Navigation
Content

Security Bug Hunting Summer 2025

Overview

In this practical course, you will go on the hunt for security vulnerabilities in real-world applications that people actually use. You will learn how to systematically identify potential attacks and become familiar with the common security vulnerabilities used to carry out these attacks. Throughout the course, you will apply the theoretical knowledge and learn about the techniques and tools used to detect vulnerabilities in software.

The course is designed to be flexible, allowing you to choose your approach - whether that's performing mass scans with static analysis, writing new fuzzing harnesses for existing software, or identifying exploits using manual analysis. You also get to select the targets and, as a result, the level of difficulty yourself.

Organization

You will spend the lecture period searching for vulnerabilities in real-world applications in teams of two. The course will meet in person approximately every two weeks on Monday at 1 PM c.t. during the lecture period to sync up and learn from each other. There will be an introductory lecture during the first meeting. Additionally, each team will prepare and give a presentation about a tool that can be used to find vulnerabilities. After the lecture period, each team prepares a report about the methods they used and their findings. The report is due by the end of the semester.

Registration is done via the "Central Allocation: Master Practical Courses SoSe 2025" moodle course.

Prerequisites

There are no formal prerequisites, but a strong interest in software security and the ability to work independently in an unguided environment are essential. You should be comfortable using the command line and capable of writing small scripts to juggle some bytes around. Some basic knowledge about software security obtained through

  • lecture/practical course "IT-Sicherheit"
  • lecture "Program Analysis for Security"
  • doing HackTheBox/TryHackMe/CTFs in your free time

may help you get started faster but are not necessary.

If you have any questions, feel free to email me at tim.lange@... or message me on Zulip.