Secure Web Applications Group

Dr.-Ing. Ben Stock

Dr.-Ing. Ben Stock Head of the Research Group

Kaiserstraße 21, St. Ingbert, Room 4.12
+49 681 87083 2681
stock [at] cispa.de

I am the head of the Secure Web Applications Group and Tenured Faculty at CISPA. Prior to that, I was a postdoctoral researcher in the group of Michael Backes. Before joining CISPA, I was a Doctoral Student and research fellow at the Security Research Group of the University Erlangen-Nuremberg, supervised by Felix Freiling.

Research Interests: Web Security, Network Security, Vulnerability Notifications, Usable Security

Research Staff

Shubham Agarwal

Shubham Agarwal Doctoral Student

Kaiserstraße 21, St. Ingbert, Room 4.11
shubham.agarwal [at] cispa.de

Since March 2021, I am a Ph.D. student in the Secure Web Applications Group, supervised by Ben Stock. Before this, I pursued my master's in Computer Science from Saarland University while also working at MPI Informatik as a Research Assistant. I did my bachelor studies at Vellore Institute of Technology, India.

Research Interests: Web Security, Vulnerability Detection

Florian Hantke

Florian Hantke Doctoral Student

Kaiserstraße 21, St. Ingbert, Room 4.11
florian.hantke [at] cispa.de

Since April 2022, I am a Ph.D. student at CISPA, supervised by Ben Stock. Before joining CISPA, I completed my master's and bachelor's degree in Computer Science from Friedrich-Alexander-Universität. Parallel to my university journey, I also worked as a research assistant at FAU and Security Consultant at SEC Consult.

Research Interests: Web Security, HTML Parser, Vulnerability Detection

Jannis Rautenstrauch

Jannis Rautenstrauch Doctoral Student

Kaiserstraße 21, St. Ingbert, Room 4.11
jannis.rautenstrauch [at] cispa.de

I investigate privacy threats in the context of web security at CISPA. Since January 2022, I have been a Ph.D. student supervised by Ben Stock. Before that, I obtained a master's degree in Computer Science from Saarland University and a bachelor's degree in Cognitive Science from Osnabrück University.

Research Interests: Web Security and Privacy

Christine Utz

Christine Utz Postdoctoral Researcher

Kaiserstraße 21, St. Ingbert, Room 4.11
christine.utz [at] cispa.de

I joined SWAG as a postdoc in January 2023. I defended my PhD in November 2022, supervised by Thorsten Holz at Ruhr University Bochum, where I was part of the interdisciplinary graduate program SecHuman and had earlier obtained MSc and BSc degrees in IT Security / Information Technology. I spent part of my master's at Purdue University in Indiana and also hold a law degree from the University of Bayreuth.

Research Interests: Web and Mobile Privacy, Usable Security and Privacy, Data Protection

Current student helpers


Eduard Ebert

Simon Enzinger

Daniel Kiefer

Metodi Mitkov

Julian Rederlechner

Moritz Wilhelm

Current thesis students / student lab members


Philipp Baus

Birk Blechschmidt

Thomas Helbrecht

Leon Trampert

Alumni

Former Research Staff

Aurore Fass

Dr.-Ing. Aurore Fass Doctoral Student (01/2018 - 05/2021); Postdoctoral Researcher (05/2021 - 10/2021)

I am a visiting assistant professor at Stanford University since October 2021. Since January 2018, I was a Ph.D. student at CISPA, jointly supervised by Michael Backes and Ben Stock, and defended my PhD in May 2021. Prior to that, I was a master's student at the French Grande École TELECOM Nancy and wrote in particular my master's thesis at the German Federal Office for Information Security under the supervision of Isabelle Chrisment and Robert Krawczyk.

Research Interests: Static Code Analysis, Malware & Vulnerability Detection, Machine Learning, Adversarial Attacks

Pierre Laperdrix

Dr. Pierre Laperdrix Postdoctoral Researcher (03/2019 - 08/2019)

I am a full-time researcher in the SPIRALS team at CNRS. Before that, I was a postdoctoral researcher in the Secure Web Applications Group at the CISPA-Helmholtz Center for Information Security. Previously, I was a postdoctoral researcher in the PragSec lab at Stony Brook University working with Nick Nikiforakis. My current topics of research are Security and privacy on the Web. I obtained my PhD at Inria in Rennes working on the topic of browser fingerprinting. As part of my thesis, I developed the AmIUnique website to understand fingerprinting and worked with the Tor organization to improve the Tor browser fingerprinting defenses.

Research Interests: Web security, Browser Fingerprinting, Software Debloating

Gordon Meiser

Gordon Meiser Doctoral Student (07/2018 - 12/2019)

I was a Doctoral Student in the Secure Web Applications Group at CISPA, supervised by Ben Stock. In 2007, I wrote my master's thesis at the Ruhr University Bochum under the supervision of Christof Paar. Henceforth I worked as a security tester in the Siemens CERT, for T-Systems, and the Cosmosdirekt insurance.

Research Interests: Web Security, Blockchain/Cryptography

Marius Steffens

Dr.-Ing. Marius Steffens Doctoral Student (10/2018 - 07/2021)

Since October 2018, I was a Ph.D. student in the Secure Web Applications Group, supervised by Ben Stock. I defended my PhD in June 2021. Before that, I studied Cybersecurity at the University of Saarland, while working at the CISPA as a research assistant.

Research Interests: Web Security, Large-Scale Vulnerability Detection

Sebastian Roth

Sebastian Roth Doctoral Student (03/2019 - 03/2023)

Since April 2023, I am a postdoctoral researcher at TU Vienna. From March 2019 until March 2023, I was a Ph.D. student at CISPA, supervised by Ben Stock. Before that, I studied Computer Science (Master) and Cybersecurity (Bachelor) at Saarland University, while working as a Research Assistant for CISPA.

Research Interests: Web Security, Vulnerability Detection, Usable Security, Vulnerability Notifications

Former student helpers

  • Jonas Büchner
  • Anne Christin Deutschen
  • Philipp Dewald
  • Lucy Emmel
  • Luis Felger
  • Simon Hasir
  • Dominik Kempter
  • Maximilian Löffler
  • Linda Müller
  • Mikka Rainer
  • Tim Recktenwald
  • Simon Rink
  • Florian Romann
  • Raoul Scholtes
  • Philipp Settegast
  • Luc Seyler
  • Nicolas Tran
  • Lukas Vermeulen
  • Sophie Wenning

Former thesis students

  • Florian Hantke (2022): How weird is your parser? Proposing stricter HTML rules to harden HTML parser engines and avoid XSS and related attacks
  • David Butscher (2021): Measuring the Impact of the Crawling Context on the Results of Web Scanners
  • Lucy Emmel (2021): SynthTT: Jamming Client-Side XSS with synthesized TrustedTypes sanitizers
  • Marc Katz (2021): Malicious Tag Soup: How the HTML standard undermines web security
  • Jannis Rautenstrauch (2021): XS-Leaks: How affected are browsers and the web?
  • Peter Stolz (2021): To hash or not to hash: A security assessment of the CSP directive unsafe-hashes
  • Moritz Wilhelm (2021): retroCSP: Retrofitting Web Security on the Client Side by Reinforcing Widespread CSP Support
  • Shubham Agarwal (2020): Investigating the Impact of Persistent State on Client-Side CSRF in Web Applications
  • Benjamin Hollinger (2020): Examining the Security of Embedded Browsers
  • Maximilian Jung (2020): Studying Client-Side Cross-Site-Scripting via Taint-Tracking
  • Matthias Michels (2020): Revisiting large Scale Vulnerability Notifications
  • Alexander Rassier (2020): CIDeR: Automatically Implementing Nonce-Based Content Security Policies
  • Sebastian Roth (2019): Content Security Policy - A Shapeshifter's Tale
  • Dennis Salzmann (2019): Studying Strategies During Online A/D CTFs
  • Kolja Graßmann (2018): Studying Patching Behaviour of Client-Side XSS Flaws
  • Tobias Kirsch (2018): How does filtering on the web work?
  • Marius Steffens (2017): A Tale of the Tangled Web: A historic overview of the (In)Security of Client Side Web Applications