Ben's view on systemic problems in security reviewing
Aug 10, 2021
Disclaimer: this rant is the opinion of Ben Stock and him alone.
Read moreCritical errors in our recent MADweb paper
Jul 19, 2021
It recently came to our attention that our MADweb 2021 paper “First, Do No Harm: Studying the manipulation of security headers in browser extensions” has two critical errors which causes our results to be incorrect.
Read moreErrata for SRI functionality from our paper "Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI"
Jun 15, 2021
We have been made aware (kudos to Frederik Braun, also the author of the spec) that our description of how SRI works in our NDSS paper was incorrect. In this blog post, we would like to clarify our incorrect description and provide thoughts on whether or not this changes the conclusions drawn in the paper.
Read moreBen Stock running for SIGSAC Secretary-Treasurer
Jan 17, 2021
As part of my commitment to the community, I am happy to announce that I am running for the position of the Secretary-Treasurer within ACM SIGSAC, the organization behind conferences like CCS and AsiaCCS. Find my motivation statement below:
Read moreOverview of our upcoming NDSS 2021 paper "Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI"
Jan 07, 2021
We are glad to announce that our paper Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI was accepted to NDSS 21. This post constitutes a brief summary of our main findings and insights gained during the project. For more information and pointers to related works and references, please take a look at the paper.
Read moreAdditional Insights on Languages from our NDSS 2018 paper
Feb 20, 2018
This week, I presented our paper Didn’t You Hear Me? — Towards More Successful Web Vulnerability Notifications at NDSS in San Diego. Since there are some insights regarding the language of sites that we could not fit into the paper, I want to take this chance to point them out.
Read moreTeaching in Summer term 2018
Jan 04, 2018
Given the great interest by students in our Web Security block course, the lecture will be offered as a regular lecture during the summer term. The lecture will take place every Wednesday from 10 to 12, most likely in the CISPA building. More information will be offered later. Students can enroll in the course until April 11th in the Course Management System.
Read moreTeaching in Winter term 2017/2018
Sep 21, 2017
Together with the Information Security & Cryptography group, we teach the basic Foundations of Cybersecurity 1 lecture. This is a mandatory lecture for all students in their first semester.
Read moreJob Openings
Jul 07, 2017
The Secure Web Applications Group has recently been established and is searching for talented and motivated Postdocs, PhD students, and thesis students. For more information, please see the Jobs/Thesis page.
Advanced Lecture in SS17: Web Security
Jul 07, 2017
In collaboration with the Information Security & Cryptography group, we are offering a full-day block course on Web Security, which will take place from August, 28th, to September, 8th. For more details on the lecture, including instructions for registration, please refer to the course page.