3849 Dynamic Program Analysis

Autumn Term / HT

6 ECTS; Lecture + Exercises + Lab (Vorlesung/Übung/Praktikum)

This course focuses on methods for analyzing programs by executing them in a real or emulated environment, in particular fuzz testing. Fuzz testing is one of the most successful state-of-the-art methods for quickly finding bugs, and is deployed by companies such as Google and Microsoft at datacenter scale to continuously test their products. Hundreds to thousands of CVEs have been assigned as a result of fuzzing campaigns against many different types of software. In the course, we look at the key techniques behind fuzz testing and recent developments in taint analysis, dynamic binary instrumentation, and symbolic execution.

In the fuzzing lab (Praktikum), you will experiment with setting up, fine-tuning, and evaluating a state-of-the-art fuzzing system.