Das IAS beschäftigt sich vornehmlich mit allen relevanten Aspekten der IT Sicherheit, die sich auf der Anwendungsebene niederschlagen.
Das umfasst das Erkennen von Sicherheitslücken in Source Code und Protokollen, die Ermittlung von potentiellen Sicherheitsproblemen in neuen Feldern und den Entwurf von proaktiven Verfahren zur Vermeidung von Sicherheitslücken.
Aktuelle Aktivitäten beinhalten zum Beispiel Themen wie Software Sicherheit, Sicherheit von Cloud & Web Anwendungen, Honeypots, Fuzzing, neue Verfahren zur Sicherung der Privatsphäre von Endnutzern und Entwurf/Evaluierung von Sicherheitsprotokollen.
Our student Minela Bećirović considered the (confusing / overly simplified / overly complicated / call it what you want) textual content of cookie banners being a dark pattern -
In her Master's Thesis, she examined the potential of the concept of plain language to make content more accessible.
The following German article contains a link to her Thesis, which written in English ...more
Clara Engler shared her first hand insights on possible threats on the Tor Project and what is done to mitigate them in our Hacklab expert talk series. She might have convinced the TU to host a Tor relay too at last!
David gave a guest lecture today at Uni Innsbruck on Dynamic Program Analysis for the Security and Privacy Lab.
Jan's and David's paper on Site Isolation bypass vulnerabilities was accepted at NDSS 2026.
Malte presented our work on HyTrack and our mobile privacy research at the 4th meeting of the labs of the German privacy regulatory authorities.
Robin was a Finalist at CSAW Europe's Applied Research Challenge, more...
David was an invited speaker at this year's DATEV coding festival, presenting on our work on detecting and preventing XSS vulnerabilities.
The hacklab has won the 3rd place @ TU Braunschweig's teaching awards in the category Best Lab / Exercise !
Our papers on Attacks on Web Archives and on DOM Gadgets were presented at ACM CCS 2025 in Taipei! more...
Bringing Hacking to the masses! Jannik won 2nd place at the Google CTF finals Hackceler8 in Mexico City as part of the international Zer0RocketWrecks team. The final combines Speedrunning and Capture the Flag competitions in an unique way.
HyTrack and our shared work on CVEs in academia, which won the Distinguished Paper Award, were presented at Usenix this year!
Manuel presented his work at Usenix WOOT on CSV Formula Injection and Jannik an attack surface study of the extract PHP function, which won the best paper award!
Alex attended this year's New Security Paradigms Workshop in Aerzen (GER), where she acted as a local chair!
Our introductory hacking lab produced an unprecedented high number of passing hackers with a four-way tie of the first place solving all challenges. Congratulations, you earned it!
IAS' team Wir wissen wo dein Auto fährt Zero supervised by Malte, showed that dTPMS sensors can be misused to track cars and won the 3rd place at the Young Software Developers Day. Congrats!
Vladislav Mladenov gave an awesome talk about PDF-Security in our Lab guest lecture series. PDFs are scary powerful after all.
We combined our guest lectures in our Lab courses with the Charter of Trust with an awesome talk from Janik Besendorf from Reporters without Borders, more...
Alex attended CASA's workshop Women in Security and Cryptography where she talked about how local political changes may influence the Internet's security on a global scale.
The Open Technology Fund published Alexandra's technical report about her research project in 2023 on state-level surveillance in Russias digital infrastructure! More...
We are pleased to announce that Simon Koch has successfully defended his dissertation. more...
We got two papers accepted at the S&P'25! The first work by David explores why developers struggle with building privacy-compliant implementations. The second work by Alex and Tobias Fiebig examines the influence of the mere claim of the use of PET's in a product.
The TUBS' Magazine published an article about Alexandra's recent publication, in which she is working with an interdisciplinary team to rethink the current structures of ethical review in Computer Science research.
In a new work to appear at USENIX Sec' 25, we discovered a powerful new tracking technique on Android devices we call HyTrack, read the paper here.
Alex' paper about rivising the Procedures of Ethical Reviewing in CS Research was finally published at New Security Paradigms Workshop! This is a fully interdisciplinary work by Sebastian Giessler (Research Ethics), Hendrik Erz (Analytical Sociology) and Tobias Fiebig (Internet Network Research).
David presented a briefing on HTML parsing differentials at Blackhat EU in London. more...
Robin and Malte presented their work on Blind XSS and SSRF Defenses at USENIX Security, more....
Jiska Classen visited the IAS to give a guest lecture in this year's iteration of the Seclab.
Martin and David attended IEEE Security & Privacy in San Francisco, USA to present our work on HTML parsing differentials, met some old friends and made new ones. More...
Robin Kirchner presented his work on Blind-XSS at the 2nd CoT Meetup. more...
Sebastian Lekias is among the final four for the CAST/GI Promotionspreis IT-Sicherheit 2024 with his dissertation Client-Side Cross-Site Scripting : Exploitation, Detection, Mitigation, and Prevention. Congratulations!
Malte Wessels gave an introductory talk on SSRF at Winterkongress 2024, more…
Simon won the "Distinguished Presentation Award" at MADWEB '24 for our work on assessing importance metrics for open source projects. Congratulations!
We hosted a fun CTF for 11th and 12th grade school students at the "Tag der Informatik". Learn how many young security hackers cracked our challenges, here.
A new year brings a new colleague: Jan Niklas Drescher joins us as PhD candidate!