PhD students and Postdocs

We are constantly looking for motivated and talented PhD students and postdocs interested in one of these areas:

  • Web security (e.g., vulnerability analysis, measurements, etc.)
  • New automated program analysis techniques (e.g., web application scanners, static program analysis, client and server-side code analysis, etc.)
  • Machine learning and artificial intelligence for program analysis
  • Security of immersive web applications (e.g., metaverse security and privacy, WebXR, etc.)

Please look at our recent publications to learn more about our current interests.

If you would like to know more, please send your questions to Giancarlo Pellegrino.

General Requirements

  • A BSc, MSc, or PhD degree in Computer Science, Information/Cyber Security, Mathematics, or equivalent
  • English proficiency (knowledge of German is not required)
  • Excellent programming skills
  • (Depending on the topic of interest) Proven background in web security, program analysis, and/or reinforcement learning/machine learning

How to apply

All applications must be submitted through the CISPA application system and contain the following:

  1. Cover letter. As the CISPA application system is centralized, your cover letter must specify that you are applying for a position in the group of Dr. Pellegrino.
  2. CV/Resume
  3. For PhD positions, the most recent transcript of records
  4. Certificates
  5. Names, titles, and email addresses of your referees

Submit PDF files only; Microsoft Office documents will be discarded.

To speed up the process, send me a heads-up email about your submission at pellegrino@cispa.de.

Moar Instructions

Why submit boring applications?!

Is sending a bunch of PDFs via email too boring for you? Would you like to spice up your application a little bit? Say no more. I got you covered!

Here is a challenge for you. This webpage is vulnerable! Your goal is to identify the vulnerability, write a vulnerability report called vuln_report.pdf, and attach it to your application email!

The report must convince me (the developer) of the problem and its potential risk. I would recommend structuring the report as shown below. Solving the challenge is strongly recommended.

1. Name

Insert the name of the vulnerability here.

2. Description

Describe the vulnerable behavior.

3. Security risk

Describe how easily an attacker can exploit this vulnerability.

4. PoC

Assuming https://secwebdev.it/api/v1/delete_database is the web API that can wipe out a production database, please include a proof of concept that can reliably exploit the vulnerability.

5. (Optional) Past instances

Please show me the importance of this vulnerability by finding an example of a similar vulnerability that affected at least one famous website in the past!