News
Wrap up
Written on 02.08.21 by Cristian-Alexandru Staicu
Thank you all for your participation. We hope that by attending this proseminar you learned quite a bit about giving a good scientific presentation, and about (our) ongoing research in web security. The grades should be registered in LSF by now, so please double-check that that is indeed the case. Let us know if you have any ideas on how to improve this proseminar or questions about the grade. Good luck with your studies and we hope to see you around!
Invited Talk in our Web Sec Lecture Series
Written on 10.06.21 by Ben Stock
Hi all, in our CISPA Web Sec lecture series, we have a speaker today who might be interesting for some of you. Feel free to join the Zoom call, info below.
When: Thursday June 10, 10:00 AM
Zoom link: https://cispa-de.zoom.us/j/96775779464?pwd=WFQ1aW9Xb2c1OHMybWlEUDIralN5QT09
Speaker: Stefano Calzavara
Title: May I take your subdomain? Exploring same-site attacks on the modern Web
Topic Assignment and Schedule Change
Written on 16.04.21 (last change on 16.04.21) by Cristian-Alexandru Staicu
Please find the topic assignment table here: https://cms.cispa.saarland/psadweb/3/Topic_assignment. As discussed in the kickoff meeting, for each topic we have three students assigned: one for presenting the topic and two for asking questions. Also, we decided to drop one topic and skip the first session, so that the first presenters have more time to prepare. See you all on the 5th of May!
Welcome to SADWeb
Written on 13.04.21 by Ben Stock
Welcome to the proseminar! We'll have the first meeting on April 14th at 2pm (sharp!). Please see the Zoom Access page, which is accessible once you are logged in via the CMS.
(p)SADWeb: (Pro)Seminar on Attacks & Defense on the Web
Registration: to register for the proseminar, you have to use the central seminar system of the CS department.
(P)SADWeb provides students with an overview of recent papers in the broader area of Web security. As the primary purpose of a proseminar is to familiarize yourself with a topic and learn presentation skills, the seminar will feature two presentations from each student.
In the first half of the semester, we will have presentations of two topics each week. After each presentation, the fellow students and lecturers will provide feedback on how to improve the presentation. This general feedback must then be taken into account for the second half of the semester, in which each student will give a second presentation. To not bore the audience, though, the paper presented will be different from the previously presented one.
The first presentation will count towards 30% of the overall grade, and the second presentation will count towards 70%. Attendance in the proseminar meetings is mandatory. At most one session can be skipped; after that, you need to bring a doctor’s note to excuse your absence. In addition, submitting feedback on each talk is mandatory; here, too, feedback may be missing for the talks on at most one date (which would naturally occur if you skip one session).
To ensure the quality of presentations is high, you have to set up a meeting with the topic advisor one week before the first presentation to discuss the slides. For the second presentation, this meeting is optional, but if the student wants one, it must take place a week before the meeting.
Important: the time for the proseminar is fixed for Wednesday 2-4pm. If you have conflicting courses, please do not bid on the proseminar. The kickoff will be on April 14. The first presentations will start on April 28.
Tentative timeline
- 14.4.2021: Kickoff
- 28.4.2021: No meeting
- 5.5.2021: Phishing, Fingerprinting
- 12.5.2021: Availability, Supply Chain Attacks
- 19.5.2021: Client-Side XSS, CSP
- 26.5.2021: [starting at 2:30pm] Mobile Web Apps
- 2.6.2021: Service Workers, WebAssembly
- 9.6.2021: ML for Web, XSLeaks
- 16.6.2021: Phishing, Fingerprinting
- 23.6.2021: Availability, Supply Chain Attacks
- 30.6.2021: Client-Side XSS, CSP
- 7.7.2021: Service Workers
- 14.7.2021: Mobile Web Apps, WebAssembly
- 21.7.2021: ML for Web, XSLeaks
Topics & Papers
- Phishing (Giada Martina Stivala)
- Fingerprinting (Cris Staicu)
- Availability (Cris Staicu)
- Supply Chain Attacks (Cris Staicu)
- Client-Side XSS (Marius Steffens / Ben Stock)
- Content Security Policy (Sebastian Roth / Ben Stock)
- Inconsistencies (Ben Stock)
- Reining in the Web’s Inconsistencies with Site Policy [NDSS 2021]
- A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web [USENIX 2020]
- Service Workers (Francis Somé)
- Browser Extensions (Aurore Fass)
- Mobile Web Apps (Cris Staicu)
- WebAssembly (Cris Staicu)
- Everything old is new again: Binary security of WebAssembly [USENIX Security 2020]
- MINOS: A Lightweight Real-Time Cryptojacking Detection System [NDSS 2021]
- ML for Web (Cris Staicu)
- Anything to hide? Studying minified and obfuscated code in the web [The Web Conference 2019]
- Fingerprinting the fingerprinters: Learning to detect browser fingerprinting behaviors [S&P 2021]
- XSLeaks (Cris Staicu)