Sem2 + Sem1 S'ware Eng/Comp Sc: Dynamic Application Security Testing

Oracle Labs #1

Closed. Posted: 02 Jun 20. Closes: 22 Jun 20. Available: Semester 2 (Jul - Nov)

UPDATE 9/7: a student has been appointed.


EXTENDED PROJECT DURATION: Semester 2 2020 + Semester 1 2021. 

** only apply if your thesis / Masters project enrolment can be split across both Sem2 2020 + Sem1 2021 - 2 units per semester **


This thesis project is for a UQ final year Software Engineering (thesis) student, or a Master of Software Eng / Computer Science student (with an undergraduate degree in Computer Science or Software Engineering).

Oracle Labs are looking for applicants with strong programming skills only. See full list of skills / background below.

The successful applicant will receive a $6,000 scholarship + academic credit SPREAD OVER Semester 2 2020 + Semester 1 2021 for enrolment/assessment (total of 4 units spread across two semesters - UQ). You must be available to work on the project onsite for 2 days/week during Semester 2 2020 + Semester 1 2021 (around lecture timetable).

APPLICANTS NOTE: upload your resume with unofficial academic transcript/s (undergrad + Masters if applicable - combined into 1 doc/pdf). Also include your student ID number. Upload resume before OR after applying for project/s.  

UQ ELIGIBILITY REQUIREMENT: all CEED applicants must get a written study plan approved (by a UQ academic advisor) which shows thesis/project unit enrolment is possible across Semester 2 2020 + Semester 1 2021.

We cannot progress your application until you provide this info to CEED (please email to CEED before the project's application close date).

Location: Brisbane City QLD
Categories: Information Technology, Electrical Engineering

Project Background / Description

Gelato is a Dynamic Application Security Testing (DAST) tool from Oracle Labs that uses advanced techniques to analyse modern and complex web applications. It goes beyond simply spidering static pages, and finds vulnerabilities, such as potential reflected-XSS and DOM-based XSS. This project aims to integrate Gelato with tools such as Burp Suite which are used by penetration testers (pen-testers) all around the world and evaluate its effectiveness as a security tool.


About Oracle


Oracle offers a comprehensive and fully integrated stack of cloud applications, platform services, and engineered systems.  With more than 400,000 customers—including 100 of the Fortune 100—in more than 145 countries, Oracle provides a complete technology stack both in the cloud and in the data centre.


Oracle’s industry-leading cloud-based and on-premises solutions give customers complete deployment flexibility and unmatched benefits including application integration, advanced security, high availability, scalability, energy efficiency, powerful performance, and low total cost of ownership.


For more information about Oracle, visit


Oracle Labs


Oracle Labs is the research division of Oracle.  It focuses on applied research to produce new technologies of interest to the company.


Oracle Labs Australia, based in Brisbane, specialises in Program Analysis in a variety of domains, including bug-checking, productivity tools, security analysis, testing, and more. The Brisbane team hit the headlines with its research on static code analysis that led to scalable and precise bug-checking algorithms embedded in the Parfait tool.


How Oracle helps CEED students


We link you up with an experienced supervisor on the Brisbane team. They will work closely with you, helping you grow your skills—really practical skills you can put to work in real-world situations. 


Objectives / Tasks / Project Outcomes

  • Scope the project based on the intern’s interests/strengths and the requirements of Oracle Labs;
  • A literature review of the state-of-the-art in the area of dynamic application security testing;
  • Integrate Gelato with an existing framework like Burp Suite;
  • Evaluate the integration against target applications;
  • Improve the attack surface detection to find vulnerabilities that would otherwise require error-prone and tedious manual crawling of complex applications;
  • Write a detailed report on work undertaken;
  • Give a presentation to the group on work undertaken.

The student will gain expertise and skills in the analysis of security vulnerabilities, in particular pen-testing tools such as Gelato and Burp Suite. They will also get exposure to the process necessary to move a research tool into a practical implementation.

Skills / Experience Required

  • Excellent academic results
  • Excellent programming skills in Java and Python
  • Excellent problem-solving skills
  • Experience with Unix-based systems
  • Ability to work independently
  • Knowledge of web crawling or pen-testing tools will be beneficial.
