Secure Web Applications Group

Dr.-Ing. Ben Stock

Dr.-Ing. Ben Stock Head of the Research Group

Stuhlsatzenhaus 5, Room 2.09
+49 681 87083 2681
stock [at]

I am the head of the Secure Web Applications Group and Tenured Faculty at CISPA. Prior to that, I was a postdoctoral researcher in the group of Michael Backes. Before joining CISPA, I was a PhD student and research fellow at the Security Research Group of the University Erlangen-Nuremberg, supervised by Felix Freiling.

Research Interests: Web Security, Network Security, Vulnerability Notifications, Usable Security

Research Staff

Shubham Agarwal

Shubham Agarwal PhD Student

Stuhlsatzenhaus 5, Room 2.11
shubham.agarwal [at]

Since March 2021, I am Ph.D. student in the Secure Web Applications Group, supervised by Ben Stock. Before this, I pursued my master's in Computer Science from Saarland University while also working at MPI Informatik as a Research Assistant. I did my bachelor studies at Vellore Institue of Technology, India.

Research Interests: Web Security, Vulnerability Detection

Sebastian Roth

Sebastian Roth PhD Student

Stuhlsatzenhaus 5, Room 2.11
sebastian.roth [at]

Since March 2019, I am a Ph.D. student at CISPA, supervised by Ben Stock. Before that, I studied Computer Science (Master) and Cybersecurity (Bachelor) at Saarland University, while working as a Research Assistant for CISPA.

Research Interests: Web Security, Vulnerability Detection, Usable Security, Vulnerability Notifications

Current student helpers

Luis Felger

Simon Hasir

Dominik Kempter

Metodi Mitkov

Linda Müller

Mikka Rainer

Julian Rederlechner

Philipp Settegast

Moritz Wilhelm

Current thesis students / student lab members

Philipp Baus

Birk Blechschmidt

Florian Hantke

Thomas Helbrecht

Matthias Michels


Former Research Staff

Aurore Fass

Dr.-Ing. Aurore Fass PhD Student (01/2018 - 05/2021); Postdoc (05/2021 - 10/2021)

Stuhlsatzenhaus 5, Room 2.11
aurore.fass [at]

I am visiting assistant professor at Stanford University since October 2021. Since January 2018, I was a Ph.D. student at CISPA, jointly supervised by Michael Backes and Ben Stock, and defended my PhD in May 2021. Prior to that, I was a master student at the French Grande École TELECOM Nancy and wrote in particular my master's thesis at the German Federal Office for Information Security under the supervision of Isabelle Chrisment and Robert Krawczyk.

Research Interests: Static Code Analysis, Malware & Vulnerability Detection, Machine Learning, Adversarial Attacks

Pierre Laperdrix

Dr. Pierre Laperdrix Postdoctoral Researcher (03/2019 - 08/2019)

I am a full-time researcher in the SPIRALS team at CNRS. Before that, I was a postdoctoral researcher in the Secure Web Applications Group at the CISPA-Helmholtz Center for Information Security. Previously, I was a postdoctoral researcher in the PragSec lab at Stony Brook University working with Nick Nikiforakis. My current topics of research are Security and privacy on the Web. I obtained my PhD at Inria in Rennes working on the topic of browser fingerprinting. As part of my thesis, I developed the AmIUnique website to understand fingerprinting and worked with the Tor organization to improve the Tor browser fingerprinting defenses.

Research Interests: Web security, Browser Fingerprinting, Software Debloating

Gordon Meiser

Gordon Meiser PhD Student (07/2018 - 12/2019)

I was a PhD student Secure Web Applications Group at CISPA, supervised by Ben Stock. In 2007, I wrote my master's thesis at the Ruhr University Bochum under the supervision of Christof Paar. Henceforth I worked as a security tester in the Siemens CERT, for T-Systems, and the Cosmosdirekt insurance.

Research Interests: Web Security, Blockchain/Cryptography

Marius Steffens

Dr.-Ing. Marius Steffens PhD Student (10/2018 - 07/2021)

Since October 2018, I was a Ph.D. student in the Secure Web Applications Group, supervised by Ben Stock. I defended my PhD in June 2021. Before that, I studied Cybersecurity at the University of Saarland, while working at the CISPA as a research assistant.

Research Interests: Web Security, Large-Scale Vulnerability Detection

Former student helpers

  • Jonas Büchner
  • Anne Christin Deutschen
  • Philipp Dewald
  • Daniel Emmel
  • Maximilian Löffler
  • Tim Recktenwald
  • Simon Rink
  • Florian Romann
  • Raoul Scholtes
  • Luc Seyler
  • Nicolas Tran
  • Lukas Vermeulen
  • Sophie Wenning

Former thesis students

  • David Butscher (2021): Measuring the Impact of the Crawling Context on the Results of Web Scanners
  • Daniel Emmel (2021): SynthTT: Jamming Client-Side XSS with synthesized TrustedTypes sanitizers
  • Marc Katz (2021): Malicious Tag Soup: How the HTML standard undermines web security
  • Jannis Rautenstrauch (2021): XS-Leaks: How affected are browsers and the web?
  • Peter Stolz (2021): To hash or not to hash: A security assessment of the CSP directive unsafe-hashes
  • Moritz Wilhelm (2021): retroCSP: Retrofitting Web Security on the Client Side by Reinforcing Widespread CSP Support
  • Shubham Agarwal (2020): Investigating the Impact of Persistent State on Client-Side CSRF in Web Applications
  • Benjamin Hollinger (2020): Examining the Security of Embedded Browsers
  • Maximilian Jung (2020): Studying Client-Side Cross-Site-Scripting via Taint-Tracking
  • Matthias Michels (2020): Revisiting large Scale Vulnerability Notifications
  • Alexander Rassier (2020): CIDeR: Automatically Implementing Nonce-Based Content Security Policies
  • Sebastian Roth (2019): Content Security Policy - A Shapeshifter's Tale
  • Dennis Salzmann (2019): Studying Strategies During Online A/D CTFs
  • Kolja Graßmann (2018): Studying Patching Behaviour of Client-Side XSS Flaws
  • Tobias Kirsch (2018): How does filtering on the web work?
  • Marius Steffens (2017): A Tale of the Tangled Web: A historic overview of the (In)Security of Client Side Web Applications