Secure Web Applications Group

Dr.-Ing. Ben Stock, Head of the Research Group

Kaiserstraße 21, St. Ingbert, Room 4.12
+49 681 87083 2681
stock [at] cispa.de

I am the head of the Secure Web Applications Group and Tenured Faculty at CISPA. Prior to that, I was a postdoctoral researcher in the group of Michael Backes. Before joining CISPA, I was a Doctoral Student and research fellow at the Security Research Group of the University Erlangen-Nuremberg, supervised by Felix Freiling.

Research Interests: Web Security, Network Security, Vulnerability Notifications, Usable Security

Research Staff

Shubham Agarwal, Doctoral Student

Kaiserstraße 21, St. Ingbert, Room 4.11
shubham.agarwal [at] cispa.de

Since March 2021, I have been a Ph.D. student in the Secure Web Applications Group, supervised by Ben Stock. Before this, I pursued my master's in Computer Science at Saarland University while also working at MPI Informatik as a Research Assistant. I did my bachelor studies at Vellore Institute of Technology, India.

Research Interests: Web Security, Vulnerability Detection

Florian Hantke, Doctoral Student

Kaiserstraße 21, St. Ingbert, Room 4.11
florian.hantke [at] cispa.de

Since April 2022, I have been a Ph.D. student at CISPA, supervised by Ben Stock. Before joining CISPA, I completed my master's and bachelor's degrees in Computer Science at Friedrich-Alexander-Universität. Parallel to my university journey, I also worked as a research assistant at FAU and as a Security Consultant at SEC Consult.

Research Interests: Web Security, HTML Parser, Vulnerability Detection

Jannis Rautenstrauch, Doctoral Student

Kaiserstraße 21, St. Ingbert, Room 4.14
jannis.rautenstrauch [at] cispa.de

I investigate privacy threats in the context of web security at CISPA. Since January 2022, I have been a Ph.D. student supervised by Ben Stock. Before that, I obtained a master's degree in Computer Science from Saarland University and a bachelor's degree in Cognitive Science from Osnabrück University.

Research Interests: Web Security and Privacy

Current student helpers


  • Thomas Helbrecht
  • Metodi Mitkov
  • Tim Schneider

Current thesis students / student lab members


  • Philipp Baus
  • Niklas Beierl
  • Alberto Fernández-de-Retana
  • Thomas Helbrecht
  • Tristan Hermanns
  • Moritz Lübke
  • Metodi Mitkov
  • Philipp Settegast

Alumni

Former Research Staff

Dr.-Ing. Aurore Fass, Doctoral Student (01/2018 - 05/2021); Postdoctoral Researcher (05/2021 - 10/2021)

Since October 2023, I have been tenure-track faculty at CISPA. Before that, I was a visiting assistant professor at Stanford University from October 2021. From January 2018, I was a Ph.D. student at CISPA, jointly supervised by Michael Backes and Ben Stock, and defended my PhD in May 2021. Prior to that, I was a master's student at the French Grande École TELECOM Nancy and, in particular, wrote my master's thesis at the German Federal Office for Information Security under the supervision of Isabelle Chrisment and Robert Krawczyk.

Research Interests: Static Code Analysis, Malware & Vulnerability Detection, Machine Learning, Adversarial Attacks

Dr. Pierre Laperdrix, Postdoctoral Researcher (03/2019 - 08/2019)

I am a full-time researcher in the SPIRALS team at CNRS. Before that, I was a postdoctoral researcher in the Secure Web Applications Group at the CISPA-Helmholtz Center for Information Security. Previously, I was a postdoctoral researcher in the PragSec lab at Stony Brook University working with Nick Nikiforakis. My current topics of research are Security and privacy on the Web. I obtained my PhD at Inria in Rennes working on the topic of browser fingerprinting. As part of my thesis, I developed the AmIUnique website to understand fingerprinting and worked with the Tor organization to improve the Tor browser fingerprinting defenses.

Research Interests: Web security, Browser Fingerprinting, Software Debloating

Gordon Meiser, Doctoral Student (07/2018 - 12/2019)

I was a Doctoral Student in the Secure Web Applications Group at CISPA, supervised by Ben Stock. In 2007, I wrote my master's thesis at the Ruhr University Bochum under the supervision of Christof Paar. Afterwards, I worked as a security tester in the Siemens CERT, for T-Systems, and the Cosmosdirekt insurance.

Research Interests: Web Security, Blockchain/Cryptography

Dr.-Ing. Trung Tin Nguyen, Postdoctoral Researcher (07/2023 - 07/2024)

Kaiserstraße 21, St. Ingbert, Room 4.14
tin.nguyen [at] cispa.de

I am a post-doctoral researcher at SWAG, headed by Ben Stock. In July 2023, I defended my Ph.D. supervised by Michael Backes at CISPA. Before that, I studied Business Information Systems (Master) at Heilbronn University of Applied Sciences and Computer Science (Bachelor) at the Industrial University of Ho Chi Minh City.

Research Interests: Web and Mobile Privacy, Usable Security and Privacy, Data Protection

Dr.-Ing. Sebastian Roth, Doctoral Student (03/2019 - 03/2023)

Since April 2023, I have been a postdoctoral researcher at TU Vienna. From March 2019 until March 2023, I was a Ph.D. student at CISPA, supervised by Ben Stock. Before that, I studied Computer Science (Master) and Cybersecurity (Bachelor) at Saarland University, while working as a Research Assistant for CISPA.

Research Interests: Web Security, Vulnerability Detection, Usable Security, Vulnerability Notifications

Dr.-Ing. Marius Steffens, Doctoral Student (10/2018 - 07/2021)

From October 2018, I was a Ph.D. student in the Secure Web Applications Group, supervised by Ben Stock. I defended my PhD in June 2021. Before that, I studied Cybersecurity at the University of Saarland, while working at CISPA as a research assistant.

Research Interests: Web Security, Large-Scale Vulnerability Detection

Dr.-Ing. Christine Utz, Postdoctoral Researcher

Since May 2024, I have been an Assistant Professor at Radboud University. I was a postdoc at SWAG between January 2023 and April 2024. I defended my PhD in November 2022, supervised by Thorsten Holz at Ruhr University Bochum, where I was part of the interdisciplinary graduate program SecHuman and had earlier obtained MSc and BSc degrees in IT Security / Information Technology. I spent part of my master's at Purdue University in Indiana and also hold a law degree from the University of Bayreuth.

Research Interests: Web and Mobile Privacy, Usable Security and Privacy, Data Protection

Former student helpers

  • Jonas Büchner
  • Anne Christin Deutschen
  • Philipp Dewald
  • Eduard Ebert
  • Lucy Emmel
  • Simon Enzinger
  • Luis Felger
  • Simon Hasir
  • Dominik Kempter
  • Daniel Kiefer
  • Maximilian Löffler
  • Linda Müller
  • Fabian Pütz
  • Mikka Rainer
  • Tim Recktenwald
  • Simon Rink
  • Florian Romann
  • Raoul Scholtes
  • Philipp Settegast
  • Luc Seyler
  • Willy Steinhart
  • Nicolas Tran
  • Lukas Vermeulen
  • Sophie Wenning

Former thesis students

  • Matthias Michels (2024): Privacy, Anyone? An Investigation into the adoption of privacy-friendly services and configurations
  • Philip Decker (2023): Bug-Bounty Metamorphose - A Study on the Development Of Programs and Providers
  • Franziska Granzow (2023): Messaging private data: Leakage of sensitive data via postMessage handlers after login
  • Lorenz Hetterich (2023): Research Immersion Lab on Web Measurements
  • Karthik Ramakrishnan (2023): Research Internship on Security Headers
  • Moritz Wilhelm (2023): A Song of Trust and Archives: Assessing the Dependability of Web Archives for Reproducible Web Security Measurements
  • Philipp Baus (2022): Do you Trust your Types? A Qualitative Study on the Usability of Trusted Types to Mitigate Client-Side XSS Vulnerabilities (awarded second place at CAST Prize for best Bachelor thesis in 2023)
  • Birk Blechschmidt (2022): Extended Hell: A Study on the Current Support of Email Confidentiality and Integrity
  • Antonios Gkiokoutai (2022): It's not the same anymore: Temporal Analysis of Security of Browser Extension Updates
  • Florian Hantke (2022): How weird is your parser? Proposing stricter HTML rules to harden HTML parser engines and avoid XSS and related attacks
  • Thomas Helbrecht (2022): An Empirical Study of Client-Side Cross-Site Scripting
  • Metodi Mitkov (2022): Pre- and Post-Login Security Inconsistencies on the Web
  • Leon Trampert (2022): Research Immersion Lab on Security Tokens
  • David Butscher (2021): Measuring the Impact of the Crawling Context on the Results of Web Scanners
  • Lucy Emmel (2021): SynthTT: Jamming Client-Side XSS with synthesized TrustedTypes sanitizers
  • Marc Katz (2021): Malicious Tag Soup: How the HTML standard undermines web security
  • Jannis Rautenstrauch (2021): XS-Leaks: How affected are browsers and the web?
  • Peter Stolz (2021): To hash or not to hash: A security assessment of the CSP directive unsafe-hashes
  • Moritz Wilhelm (2021): retroCSP: Retrofitting Web Security on the Client Side by Reinforcing Widespread CSP Support (awarded CAST Prize for best Bachelor thesis in 2021)
  • Shubham Agarwal (2020): Investigating the Impact of Persistent State on Client-Side CSRF in Web Applications
  • Benjamin Hollinger (2020): Examining the Security of Embedded Browsers
  • Maximilian Jung (2020): Studying Client-Side Cross-Site-Scripting via Taint-Tracking
  • Matthias Michels (2020): Revisiting large Scale Vulnerability Notifications
  • Alexander Rassier (2020): CIDeR: Automatically Implementing Nonce-Based Content Security Policies
  • Sebastian Roth (2019): Content Security Policy - A Shapeshifter's Tale
  • Dennis Salzmann (2019): Studying Strategies During Online A/D CTFs
  • Kolja Graßmann (2018): Studying Patching Behaviour of Client-Side XSS Flaws
  • Tobias Kirsch (2018): How does filtering on the web work?
  • Marius Steffens (2017): A Tale of the Tangled Web: A historic overview of the (In)Security of Client Side Web Applications