Technische Universität Braunschweig
  • Study & Teaching
    • Beginning your Studies
      • Prospective Students
      • Degree Programmes
      • Application
      • Fit4TU
      • Why Braunschweig?
    • During your Studies
      • Fresher's Hub
      • Term Dates
      • Courses
      • Practical Information
      • Beratungsnavi
      • Additional Qualifications
      • Financing and Costs
      • Special Circumstances
      • Health and Well-being
      • Campus life
    • At the End of your Studies
      • Discontinuation and Credentials Certification
      • After graduation
      • Alumni
    • For Teaching Staff
      • Strategy, Offers and Information
      • Learning Management System Stud.IP
    • Contact
      • Study Service Centre
      • Academic Advice Service
      • Student Office
      • Career Service
  • Research
    • Research Profile
      • Core Research Areas
      • Clusters of Excellence at TU Braunschweig
      • Research Projects
      • Research Centres
      • Professors‘ Research Profiles
    • Early Career Researchers
      • Support in the early stages of an academic career
      • PhD-Students
      • Postdocs
      • Junior research group leaders
      • Junior Professorship and Tenure-Track
      • Habilitation
      • Service Offers for Scientists
    • Research Data & Transparency
      • Transparency in Research
      • Research Data
      • Open Access Strategy
      • Digital Research Announcement
    • Research Funding
      • Research Funding Network
      • Research funding
    • Contact
      • Research Services
      • Academy for Graduates
  • International
    • International Students
      • Why Braunschweig?
      • Degree seeking students
      • Exchange Studies
      • TU Braunschweig Summer School
      • Refugees
      • International Student Support
      • International Career Service
    • Going Abroad
      • Studying abroad
      • Internships abroad
      • Teaching and research abroad
      • Working abroad
    • International Researchers
      • Welcome Support for International Researchers
      • Service for Host Institutes
    • Language and intercultural competence training
      • Learning German
      • Learning Foreign Languages
      • Intercultural Communication
    • International Profile
      • Internationalisation
      • International Cooperations
      • Strategic partnerships
      • International networks
    • International House
      • About us
      • Contact & Office Hours
      • News and Events
      • International Days
      • 5th Student Conference: Internationalisation of Higher Education
      • Newsletter, Podcast & Videos
      • Job Advertisements
  • TU Braunschweig
    • Our Profile
      • Aims & Values
      • Regulations and Guidelines
      • Alliances & Partners
      • The University Development Initiative 2030
      • Facts & Figures
      • Our History
    • Career
      • Working at TU Braunschweig
      • Vacancies
    • Economy & Business
      • Entrepreneurship
      • Friends & Supporters
    • General Public
      • Check-in for Students
      • CampusXperience
      • The Student House
      • Access to the University Library
    • Media Services
      • Communications and Press Service
      • Services for media
      • Film and photo permits
      • Advices for scientists
      • Topics and stories
    • Contact
      • General Contact
      • Getting here
  • Organisation
    • Presidency & Administration
      • Executive Board
      • Designated Offices
      • Administration
      • Committees
    • Faculties
      • Carl-Friedrich-Gauß-Fakultät
      • Faculty of Life Sciences
      • Faculty of Architecture, Civil Engineering and Environmental Sciences
      • Faculty of Mechanical Engineering
      • Faculty of Electrical Engineering, Information Technology, Physics
      • Faculty of Humanities and Education
    • Institutes
      • Institutes from A to Z
    • Facilities
      • University Library
      • Gauß-IT-Zentrum
      • Professional and Personnel Development
      • International House
      • The Project House of the TU Braunschweig
      • Transfer Service
      • University Sports Center
      • Facilities from A to Z
    • Equal Opportunity Office
      • Equal Opportunity Office
      • Family
      • Diversity for Students
  • Search
  • Quicklinks
    • People Search
    • Webmail
    • cloud.TU Braunschweig
    • Messenger
    • Cafeteria
    • Courses
    • Stud.IP
    • Library Catalogue
    • IT Services
    • Information Portal (employees)
    • Link Collection
    • DE
    • EN
    • Instagram
    • YouTube
    • LinkedIn
    • Mastodon
    • Bluesky
Menu
  • Organisation
  • Faculties
  • Carl-Friedrich-Gauß-Fakultät
  • Institutes
Logo Institut für Anwendungssicherheit der TU Braunschweig
Institute for Application Security
  • Institute for Application Security
    • Team
    • Publications
    • Projects
    • Teaching
    • Rent a Laptop
    • Contact
    • CVEs and Media
    • LegoLab

Institute for Application Security

Ansicht IAS

We at the Institute of Application Security are interested in the broad spectrum of security and privacy that exist on the application level. 

This includes the detection of vulnerabilities in source code or protocols, identification of novel security issues, and the development of procedures and tools to prevent security vulnerabilities.

Our current research focus is on the topics of software security including web application security, honeypots, fuzzing, novel privacy securing measures, the design and evaluation of security relevant protocols.

News

05/2025 Robin traveled to San Francisco to speak about Blind Cross-site Scripting research at RSAC more...
05/2025 The Open Technology Fund published Alexandra's technical report about her research project in 2023 on state-level surveillance in Russias digital infrastructure! More...
04/2025 We are pleased to announce that Simon Koch has successfully defended his dissertation. more...
03/2025 We got two papers accepted at the S&P'25! The first work by David resulted from a collaboration with Ruhr Universität Bochum and Universität Köln and explores why developers struggle with building privacy-compliant implementations through a programming study with 30 professional software developers. The second work by Alex and Tobias Fiebig examines whether the mere claim of the use of PET's in a product influences the user's trust regarding their privacy perception, and what risks can arise if this trust is abused.
03/2025 Alex is going to support this year's New Security Paradigms Workshop as a local chair!
03/2025 The TUBS' Magazine published an article about Alexandra's recent publication, in which she is working with an interdisciplinary team to rethink the current structures of ethical review in Computer Science research.
03/2025 Simon talks at 5th Cyber Security Meetup at TU Braunschweig more...
02/2025 Next stop RuhrSec, where David will present on HTML Sanitizer insecurity.
02/2025 Our hacking course Hacklab 24/25 was a success, more...
01/2025 In a new work to appear at USENIX Sec' 25, we discovered a powerful new tracking technique on Android devices we call HyTrack, read the paper here.
01/2025 Alex' paper about rivising the Procedures of Ethical Reviewing in CS Research was finally published at New Security Paradigms Workshop! This is a fully interdisciplinary work by Sebastian Giessler (Research Ethics), Hendrik Erz (Analytical Sociology) and Tobias Fiebig (Internet Network Research).
12/2024 IAS meets Chaos: We attended this years 38c3 in Hamburg, more...
12/2024 David presented a briefing on HTML parsing differentials at Blackhat EU. more...
11/2024 David will give a talk on HTML parsing differentials and how they break security assumptions sanitizers rely upon at Blackhat EU in London on 12. December. See you there!
11/2024 Malte gave a talk about SSRF and Defenses at the German OWASP Day 2024.
09/2024 Alexandra attended this year's New Security Paradigms Workshop, where she had intensive discussions for her work on procedures of Ethics Reviewing in CS Research. Read the paper pre-print HERE.
09/2024 Alex' collaborative work with Censored Planet on network responses to Russia's invasion of Ukraine won the Best Practical Award at FOCI'24! more...
08/2024 Robin and his co-authors received a Distinguished Paper Award at USENIX Security 2024, more...
08/2024 Robin and Malte will present their work on Blind XSS and SSRF Defenses at USENIX Security, more...
07/2024 We celebrated the end of this year's Seclab, more..
07/2024 Next stop: Bristol. David and Robin are presenting their papers at the 24th Privacy Enhancing Technologies Symposium (PETS).
06/2024 Jiska Classen visited the IAS to give a guest lecture in this year's iteration of the Seclab.
06/2024 Alexandra and her student Anna Sack attended the SplinterCon'24 in Brussels in Belgium. During their stay, they also had a look inside the EU Parliament. More...
05/2024 Martin and David attended IEEE Security & Privacy in San Francisco, USA to present our work on HTML parsing differentials, met some old friends and made new ones. More...
04/2024 Robin Kirchner presented his work on Blind-XSS at the 2nd CoT Meetup. more...
04/2024 Sebastian Lekias is among the final four for the CAST/GI Promotionspreis IT-Sicherheit 2024 with his dissertation Client-Side Cross-Site Scripting : Exploitation, Detection, Mitigation, and Prevention. Congratulations!
03/2024 Malte Wessels gave an introductory talk on SSRF at Winterkongress 2024, more…
03/2024 Simon won the "Distinguished Presentation Award" at MADWEB '24 for our work on assessing importance metrics for open source projects. Congratulations!
02/2024 Our Hacklab course celebrated with Pizza and Mate, more…
01/2024 We hosted a fun CTF for 11th and 12th grade school students at the "Tag der Informatik". Learn how many young security hackers cracked our challenges, here.
01/2024 A new year brings a new colleague: Jan Niklas Drescher joins us as PhD candidate!
12/2023 Jannik presented his work on the pwntools exploit development framework at the 37C3 together with co-maintainer Arusekk. In the PWNing meetup session they showed off nifty features to save time during rapid exploit prototyping (slides).
11/2023 Martin, Manuel, Malte, Simon and David will attend CCS in Copenhagen next week to present our work on GDPR enforcement and the detection of race conditions in PHP applications. See you in Denmark!
11/2023 Team CyberTaskForce Zero - represented by our colleagues Jannik Hartung, Tobias Jost and Malte Wessels, joined by student Leonard Jari Zurek - weren't afraid of no ghosts when they captured 6th place at The Haxorcist CTF. The Halloween themed competition with 30 attending teams was hosted on October 28th 2023 at the IBM Cyber Garage for Defense in Bonn, Germany by Laokoon SecurITy. Under patronage of Germany's federal data protection officer Ulrich Kelber, all teams were eager to show their hacking skills and proficiency in finding and exploiting vulnerabilities in multiple challenge categories like web applications and cryptography.
10/2023 After multiple weeks and 27 hacking challenges our colleagues Jannik and Tobias managed to place in the top 20 on the qualifiers scoreboard of the Deutschlands Bester Hacker competition, thus attending the event finals for the second time in a row. More...
08/2023 Jannik hacked satellites together with the german all-star team "krautsat" at the Hack-A-Sat competition - the first CTF in space! They even took their own photo of the earth.
08/2023 The TUBS' Magazine published an article (GER) about Alexandra's work on the security and privacy implications for Internet users in times of Russia's ongoing invasion on Ukraine. More...
07/2023 The end of this semester also marks the end of the first Seclab hosted at IAS. We celebrated the successful Praktikum by hosting a BBQ party and creating the Seclab Hall of Fame. If you enjoyed the Seclab and want more challenging tasks: Check out the Hacklab next semester!
06/2023 The IAS and IBR institutes hosted the "2nd Cybersecurity Meetup Braunschweig" with 50 participants from academia and industry. more…
03/2023 During her visit in Wien Alex attended the workshop 'Re-valuing European Research Infrastructures". Together with Sebastian Giessler they presented their work-in-progress about integrating Ethical Reviewing in CS Research more…
05/2023 David and Simon are presenting their work at this year's German OWASP Day.
04/2023 David and Marius are presenting their work on Hand Sanitizer and Server Side Browsers at this year's RuhrSec in May.
03/2023 Alex is presenting LogPicker at IETF 116 during the Privacy Enhancement and Assessments Research Group session! more…
03/2023 Simon presented our work on JS JIT compiler fuzzing at the NDSS Symposium in San Diego, CA.
02/2023 Alex' first collaborative work with CensoredPlanet was accepted at USENIX'23: Network Responses to Russia’s Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom.
02/2023 The second iteration of our Hacklab course was a great success! It's been a challenge and we are proud of your achievements! more...
01/2023 Malte Wessels, IAS masters' graduate Benjamin Altpeter, and Lorenz Sieben gave their talk "Trackers in mobile apps and their legality—A look at the mobile tracking landscape" at FireShonks. more…
11/2022 We are thrilled to announce that Marius Musch has successfully defended his dissertation and is now our institute’s first doctor. more...
10/2022 For the following year our colleague Alexandra Dirksen is an ICFP fellow! In collaboration with OTF and CensoredPlanet she will take a closer look into the global Web PKI landscape during this time. more...
09/2022 Our colleagues Jannik Hartung and Tobias Jost represented the IAS at the Deutschlands Bester Hacker hacking challenge finals in Munich more...
09/2022 We are attending this years Annual Computer Security Applications Conference (ACSAC) to present our paper: "Accept All Exploits: Exploring the Security Impact of Cookie Banners".
08/2022 Marius Musch presented a poster of "U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild" at Usenix 2022 in Boston, USA. This was our first in-person presentation of this topic, due to the conference going virtual last year. more...
06/2022 David Klein presented our work on “Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions” at the 7th IEEE European Symposium on Security and Privacy in Genoa, Italy. more...
06/2022 Japan! Marius Musch and Robin Kirchner presented our work on “Server-Side Browsers: Exploring the Web’s Hidden Attack Surface” at the Asia CSS in Nagasaki. more...
05/2022 A new member has joined our institute - we welcome Malte Wessels to our team!
04/2022 David Klein will present our work on “Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions” at EuroS&P 2022 in June! Joint work with SAP Security Research and Ben Stock at CISPA.
02/2022 The first iteration of our Hacklab was a success! Congratulations to all participants who hacked their way through a variety of fields such as web, reverse engineering and vehicle networking!
02/2022 Marius Musch and Robin Kirchner will present our work on “Server-Side Browsers: Exploring the Web’s Hidden Attack Surface” at this year's Asia CCS conference in May!
Photo credits on this page

For All Visitors

Vacancies of TU Braunschweig
Career Service' Job Exchange 
Merchandising

For Students

Term Dates
Courses
Degree Programmes
Information for Freshman
TUCard

Internal Tools

Glossary (GER-EN)
Change your Personal Data

Contact

Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig

P. O. Box: 38092 Braunschweig
GERMANY

Phone: +49 (0) 531 391-0

Getting here

© Technische Universität Braunschweig
Legal Notice Privacy Accessibility

TU Braunschweig uses the software Matomo for anonymised web analysis. The data serve to optimise the web offer.
You can find more information in our data protection declaration.