Secure Web Applications Group

Ben's view on systemic problems in security reviewing

Disclaimer: this rant is the opinion of Ben Stock and him alone.

Critical errors in our recent MADweb paper

It recently came to our attention that our MADweb 2021 paper “First, Do No Harm: Studying the manipulation of security headers in browser extensions” has two critical errors that cause our results to be incorrect.

Errata for SRI functionality from our paper "Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI"

We have been made aware (kudos to Frederik Braun, also the author of the spec) that our description of how SRI works in our NDSS paper was incorrect. In this blog post, we would like to clarify our incorrect description and provide thoughts on whether or not this changes the conclusions drawn in the paper.

Ben Stock running for SIGSAC Secretary-Treasurer

As part of my commitment to the community, I am happy to announce that I am running for the position of the Secretary-Treasurer within ACM SIGSAC, the organization behind conferences like CCS and AsiaCCS. Find my motivation statement below:

Overview of our upcoming NDSS 2021 paper "Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI"

We are glad to announce that our paper Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI was accepted to NDSS 21. This post constitutes a brief summary of our main findings and insights gained during the project. For more information and pointers to related works and references, please take a look at the paper.

Additional Insights on Languages from our NDSS 2018 paper

This week, I presented our paper Didn’t You Hear Me? — Towards More Successful Web Vulnerability Notifications at NDSS in San Diego. Since there are some insights regarding the language of sites that we could not fit into the paper, I want to take this chance to point them out.

Teaching in Summer term 2018

Given the great interest by students in our Web Security block course, the lecture will be offered as a regular lecture during the summer term. The lecture will take place every Wednesday from 10 to 12, most likely in the CISPA building. More information will be offered later. Students can enroll in the course until April 11th in the Course Management System.

Teaching in Winter term 2017/2018

Together with the Information Security & Cryptography group, we teach the basic Foundations of Cybersecurity 1 lecture. This is a mandatory lecture for all students in their first semester.

Job Openings

The Secure Web Applications Group has recently been established and is searching for talented and motivated Postdocs, PhD students, and thesis students. For more information, please see the Jobs/Thesis page.

Advanced Lecture in SS17: Web Security

In collaboration with the Information Security & Cryptography group, we are offering a full-day block course on Web Security, which will take place from August 28th to September 8th. For more details on the lecture, including instructions for registration, please refer to the course page.