Student Job at Fraunhofer SIT

Auch ohne Registrierung können Beiträge in diesem Unterforum geschrieben werden.

Antwort erstellen

Bitte gib deine E-Mail-Adresse an, demit du nachträglich Updates zu deinem Post hinzufügen kannst.

:D :) :( :o :shock: :? 8) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :wink: :!: :?: :idea: :arrow: :| :mrgreen:

BBCode ist eingeschaltet
[img] ist eingeschaltet
[flash] ist ausgeschaltet
[url] ist eingeschaltet
Smilies sind eingeschaltet

Die letzten Beiträge des Themas

Ansicht erweitern Die letzten Beiträge des Themas: Student Job at Fraunhofer SIT

Re: Student Job at Fraunhofer SIT

von lisa.nguyen » 21. Okt 2015 12:20

The position is no longer available.

Student Job at Fraunhofer SIT

von lisa.nguyen » 17. Sep 2015 10:06

The Secure Software Engineering Group of Fraunhofer SIT is looking for a Student Assistant.

Job description:
In order to resolve security flaws in applications, organizations must be able to identify the broadest possible array of potentially exploitable vulnerabilities. One of the primary methods to accomplish this is static analysis. While static source code analyzers can locate more types of vulnerabilities than any other method, they also output hundreds, if not thousands of findings, among which are a good number of false positives (warnings given by the tool that are not actual security flaws). Reducing the number of false positives is a gain of time and proves useful for the developers who have to process the list of warnings afterwards.

False positives are often created by the tools’ limitations, so called over-approximations. When the tool encounters those limitations while scanning a program, it produces incorrect data flows which result in false positives. Your task will be to identify such data flows using machine learning and graph pattern recognition.

The tasks of the student would be to:
(1) Create a library of known over-approximations
(2) Explore how to recognize such over-approximations in order to determine an analysis’ weaknesses
(3) Classify warnings that might correspond to unknown patterns to complete the library

Skills required:
Ideal candidates should have a good understanding of the Java language and good software design skills. Prior knowledge of static analysis is helpful, but not absolutely necessary.


Nach oben