Goran Piskachev

I am an applied scientist at Amazon Web Services in Berlin, Germany.

Github Logo Twitter Logo Instagram Logo


Static code analysis has shown success in finding bugs and security vulnerabilities. However, using existing analyses and tools on new codebases requires sufficient knowledge on how the particular analysis works which needs to be configured. This configuration includes selection of appropriate call graph, rules, and more. Default configurations are often not usable. In my research, I develop methods and tools that will ease the application of generic static analyses, such as taint analysis or typestate analysis to specific context.

Research Areas of Interest:


Work Experience





At Paderborn University, I suppervised Bachelor, Master or Seminar theses.
  • [ongoing] Master thesis - Explorative research on using LLVM and PhASAR to run data-flow analyses on SWIFT
  • [finished] Seminar Secure Systems Engineering (WS21/22) - Understanding and evaluating MarianaTrench
  • [finished] Master thesis - Explorative research on taint analysis for Kotlin
  • [finished] Master thesis - Soot-based configuration generator for analysis writers (co-supervised)
  • [finished] Master thesis - Extending fluentTQL: Specifying taint-flows through a domain-specific language
  • [finished] Master thesis - Evaluation of Call Graph Construction for Python (co-supervised)
  • [finished] Master thesis - Transformation of Taint and Typestate Specifications (co-supervised)
  • [finished] Seminar Secure Systems Engineering (WS19/20) - Transforming Taint flow Specifications into Correct Usage of APIs (co-supervised)
  • [finished] Seminar Secure Systems Engineering (WS19/20) - Survey on Domain Specific Languages for Taint Analysis
  • [finished] Pro-Seminar Softwareentwicklung fuer software-intensive Systeme (SS19) - Representing Source Code in Machine Leraning for Code Analysis
  • [finished] Seminar Advanced Software Engineering Contepts (SS19) - Integrating Feedback in the IDE
  • [finished] Master thesis - Detection of methods of interest for security based on software documentation
  • [finished] Seminar Secure Systems Engineering (WS18/19) - Survey on adaptive static analysis
  • [finished] Bachelor thesis - Authentication and authorization checker for Java web systems
  • [finished] Bachelor thesis - Evaluation of machine learning algorithms for automatic detection of security-relevant methods
  • [finished] Seminar Secure Systems Engineering (WS17/18) - Inferring specifications for taint-style vulnerabilities
  • [finished] Seminar Secure Systems Engineering (WS16/17) - Security vulnerabilities in Android's inter-app communication
If you are a student interested in similar topics, feel free to contact me and set up a meeting. Speculative requests are welcome.
Teaching assistance


e-Mail: goran(at)piskachev.com