PhD students and Postdocs
We are constantly looking for motivated and talented PhD students and postdocs interested in one of these areas:
These are currently our areas of interest:
Please look at our recent publications to learn more about our current interests.
If you would like to know more, please send your questions to Giancarlo Pellegrino.
All applications must be submitted through the CISPA application system and contain the following:
Submit PDF files only; Microsoft Office documents will be discarded.
To speed up the process, send me a heads-up email for your submission to pellegrino@cispa.de.
Why submit boring applications?!
Is sending a bunch of PDFs via email too boring for you? Would you like to spice up your application a little bit? Say no more. I got you covered!
Here is a challenge for you. This webpage is vulnerable! Your goal is to identify the vulnerability, write a vulnerability report called vuln_report.pdf, and attach it to your application email!
The report must convince me (the developer) of the problem and its potential risk. I would recommend structuring the report as shown below. Solving the challenge is strongly recommended.
Insert the name of the vulnerability here
Describe the vulnerable behavior.
Describe how easily an attacker can exploit this vulnerability.
Assuming https://secwebdev.it/api/v1/delete_database is the web API that can wipe out a production database, please include a proof of concept that can reliably exploit the vulnerability.
Please show me the importance of this vulnerability by finding an example of a similar vulnerability that affected at least one famous website in the past!