We at the Institute of Application Security are interested in the broad spectrum of security and privacy that exist on the application level.
This includes the detection of vulnerabilities in source code or protocols, identification of novel security issues, and the development of procedures and tools to prevent security vulnerabilities.
Our current research focus is on the topics of software security including web application security, honeypots, fuzzing, novel privacy securing measures, the design and evaluation of security relevant protocols.
| 11/2023 | Martin, Manuel, Malte, Simon and David will attend CCS in Kopenhagen next week to present our work on GDPR enforcement and the detection of race conditions in PHP applications. See you in Denmark! |
| 11/2023 | Team CyberTaskForce Zero - represented by our colleagues Jannik Hartung, Tobias Jost and Malte Wessels, joined by student Leonard Jari Zurek - weren't afraid of no ghosts when they captured 6th place at The Haxorcist CTF. The Halloween themed competition with 30 attending teams was hosted on October 28th 2023 at the IBM Cyber Garage for Defense in Bonn, Germany by Laokoon SecurITy. Under patronage of Germany's federal data protection officer Ulrich Kelber, all teams were eager to show their hacking skills and proficiency in finding and exploiting vulnerabilities in multiple challenge categories like web applications and cryptography. |
| 10/2023 | After multiple weeks and 27 hacking challenges our colleagues Jannik and Tobias managed to place in the top 20 on the qualifiers scoreboard of the Deutschlands Bester Hacker competition, thus attending the event finals for the second time in a row. More... |
| 08/2023 | Jannik hacked satellites together with the german all-star team "krautsat" at the Hack-A-Sat competition - the first CTF in space! They even took their own photo of the earth. |
| 08/2023 | The TUBS' Magazine published an article (GER) about Alexandra's work on the security and privacy implications for Internet users in times of Russia's ongoing invasion on Ukraine. More... |
| 07/2023 | The end of this semester also marks the end of the first Seclab hosted at IAS. We celebrated the successful Praktikum by hosting a BBQ party and creating the Seclab Hall of Fame. If you enjoyed the Seclab and want more challenging tasks: Check out the Hacklab next semester! |
| 06/2023 | The IAS and IBR institutes hosted the "2nd Cybersecurity Meetup Braunschweig" with 50 participants from academia and industry. more… |
| 03/2023 | During her visit in Wien Alex attended the workshop 'Re-valuing European Research Infrastructures". Together with Sebastian Giessler they presented their work-in-progress about integrating Ethical Reviewing in CS Research more… |
| 05/2023 | David and Simon are presenting their work at this year's German OWASP Day. |
| 04/2023 | David and Marius are presenting their work on Hand Sanitizer and Server Side Browsers at this year's RuhrSec in May. |
| 03/2023 | Alex is presenting LogPicker at IETF 116 during the Privacy Enhancement and Assessments Research Group session! more… |
| 03/2023 | Simon presented our work on JS JIT compiler fuzzing at the NDSS Symposium in San Diego, CA. |
| 02/2023 | Alex' first collaborative work with CensoredPlanet was accepted at USENIX'23: Network Responses to Russia’s Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom. |
| 02/2023 | The second iteration of our Hacklab course was a great success! It's been a challenge and we are proud of your achievements! more... |
| 01/2023 | Malte Wessels, IAS masters' graduate Benjamin Altpeter, and Lorenz Sieben gave their talk "Trackers in mobile apps and their legality—A look at the mobile tracking landscape" at FireShonks. more… |
| 11/2022 | We are thrilled to announce that Marius Musch has successfully defended his dissertation and is now our institute’s first doctor. more... |
| 10/2022 | For the following year our colleague Alexandra Dirksen is an ICFP fellow! In collaboration with OTF and CensoredPlanet she will take a closer look into the global Web PKI landscape during this time. more... |
| 09/2022 | Our colleagues Jannik Hartung and Tobias Jost represented the IAS at the Deutschlands Bester Hacker hacking challenge finals in Munich more... |
| 09/2022 | We are attending this years Annual Computer Security Applications Conference (ACSAC) to present our paper: "Accept All Exploits: Exploring the Security Impact of Cookie Banners". |
| 08/2022 | Marius Musch presented a poster of "U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild" at Usenix 2022 in Boston, USA. This was our first in-person presentation of this topic, due to the conference going virtual last year. more... |
| 06/2022 | David Klein presented our work on “Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions” at the 7th IEEE European Symposium on Security and Privacy in Genoa, Italy. more... |
| 06/2022 | Japan! Marius Musch and Robin Kirchner presented our work on “Server-Side Browsers: Exploring the Web’s Hidden Attack Surface” at the Asia CSS in Nagasaki. more... |
| 05/2022 | A new member has joined our institute - we welcome Malte Wessels to our team! |
| 04/2022 | David Klein will present our work on “Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions” at EuroS&P 2022 in June! Joint work with SAP Security Research and Ben Stock at CISPA. |
| 02/2022 | The first iteration of our Hacklab was a success! Congratulations to all participants who hacked their way through a variety of fields such as web, reverse engineering and vehicle networking! |
| 02/2022 | Marius Musch and Robin Kirchner will present our work on “Server-Side Browsers: Exploring the Web’s Hidden Attack Surface” at this year's Asia CCS conference in May! |
