We at the Institute of Application Security are interested in the broad spectrum of security and privacy issues that exist at the application level.
This includes the detection of vulnerabilities in source code or protocols, identification of novel security issues, and the development of procedures and tools to prevent security vulnerabilities.
Our current research focuses on software security, including web application security, honeypots, fuzzing, novel privacy-securing measures, and the design and evaluation of security-relevant protocols.
David was an invited speaker at this year's DATEV coding festival, presenting on our work on detecting and preventing XSS vulnerabilities.
The hacklab won 3rd place at TU Braunschweig's teaching awards in the category Best Lab / Exercise!
Our papers on Attacks on Web Archives and on DOM Gadgets were presented at ACM CCS 2025 in Taipei!
Bringing Hacking to the masses! Jannik won 2nd place at the Google CTF finals Hackceler8 in Mexico City as part of the international Zer0RocketWrecks team. The final combines Speedrunning and Capture the Flag competitions in a unique way.
HyTrack and our shared work on CVEs in academia, which won the Distinguished Paper Award, were presented at USENIX this year!
Manuel presented his work on CSV Formula Injection at USENIX WOOT, and Jannik presented an attack surface study of the PHP extract function, which won the best paper award!
Alex attended this year's New Security Paradigms Workshop in Aerzen (GER), where she acted as a local chair!
Our introductory hacking lab produced an unprecedentedly high number of passing hackers, with a four-way tie for first place, each solving all challenges. Congratulations, you earned it!
IAS' team Wir wissen wo dein Auto fährt Zero, supervised by Malte, showed that dTPMS sensors can be misused to track cars and won 3rd place at the Young Software Developers Day. Congrats!
Vladislav Mladenov gave an awesome talk about PDF-Security in our Lab guest lecture series. PDFs are scary powerful after all.
We combined our guest lectures in our Lab courses with the Charter of Trust with an awesome talk from Janik Besendorf from Reporters without Borders.
Alex attended CASA's workshop Women in Security and Cryptography where she talked about how local political changes may influence the Internet's security on a global scale.
The Open Technology Fund published Alexandra's technical report about her research project in 2023 on state-level surveillance in Russia's digital infrastructure!
We are pleased to announce that Simon Koch has successfully defended his dissertation.
We got two papers accepted at S&P'25! The first work by David explores why developers struggle with building privacy-compliant implementations. The second work by Alex and Tobias Fiebig examines the influence of the mere claim of the use of PETs in a product.
The TUBS' Magazine published an article about Alexandra's recent publication, in which she is working with an interdisciplinary team to rethink the current structures of ethical review in Computer Science research.
In a new work to appear at USENIX Sec '25, we discovered a powerful new tracking technique on Android devices that we call HyTrack. Read the paper here.
Alex' paper about revising the Procedures of Ethical Reviewing in CS Research was finally published at New Security Paradigms Workshop! This is a fully interdisciplinary work by Sebastian Giessler (Research Ethics), Hendrik Erz (Analytical Sociology) and Tobias Fiebig (Internet Network Research).
David presented a briefing on HTML parsing differentials at Blackhat EU in London.
Robin and Malte presented their work on Blind XSS and SSRF Defenses at USENIX Security.
Jiska Classen visited the IAS to give a guest lecture in this year's iteration of the Seclab.
Martin and David attended IEEE Security & Privacy in San Francisco, USA to present our work on HTML parsing differentials, met some old friends and made new ones.
Robin Kirchner presented his work on Blind-XSS at the 2nd CoT Meetup.
Sebastian Lekias is among the final four for the CAST/GI Promotionspreis IT-Sicherheit 2024 with his dissertation Client-Side Cross-Site Scripting: Exploitation, Detection, Mitigation, and Prevention. Congratulations!
Malte Wessels gave an introductory talk on SSRF at Winterkongress 2024.
Simon won the "Distinguished Presentation Award" at MADWEB '24 for our work on assessing importance metrics for open source projects. Congratulations!
We hosted a fun CTF for 11th and 12th grade school students at the "Tag der Informatik". Learn how many young security hackers cracked our challenges, here.
A new year brings a new colleague: Jan Niklas Drescher joins us as PhD candidate!