We at the Institute of Application Security are interested in the broad spectrum of security and privacy that exist on the application level.
This includes the detection of vulnerabilities in source code or protocols, identification of novel security issues, and the development of procedures and tools to prevent security vulnerabilities.
Our current research focus is on the topics of software security including web application security, honeypots, fuzzing, novel privacy securing measures, the design and evaluation of security relevant protocols.
04/2022 | David Klein will present our work on “Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions” at EuroS&P 2022 in June! Joint work with SAP Security Research and Ben Stock at CISPA. |
02/2022 | The first iteration of our Hacklab was a success! Congratulations to all participants who hacked their way through a variety of fields such as web, reverse engineering and vehicle networking! |
02/2022 | Marius Musch and Robin Kirchner will present our work on “Server-Side Browsers: Exploring the Web’s Hidden Attack Surface” at this year's Asia CCS conference in May! |
07/2021 | We set up a separate e-mail address for the course "Programmieren 1". All questions concerning this course up from WS 21/22 will be answered exclusively via prog1(at)tu-bs.de. |
07/2021 | In the upcoming winter term, we will offer a completely new pratical course "Hacklab" (following the success of the Seclab), as well as two seminars, and the mandatory Programmieren 1 lecture. |
07/2021 | Excited to announce that Marius Musch will present "U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild" at the renowned Usenix Security Symposium 2021. |
06/2021 | Proud to announce that our paper LogPicker: Strengthening Certificate Transparency Against Covert Adversaries has been accepted at PETS'21. It's a joint work by Alexandra Dirksen, David Klein and Robert Michael from ISS! |