News

PhD positions

Written on 03.06.20 by Ben Stock

Hi all,

for those of you finishing their master's degrees soon, I want to point to the fact that CISPA has a couple of PhD positions open in the area of Web security. In particular, this is both in my group (see https://swag.cispa.saarland/jobs.html) and in the one of Cristian-Alexandru Staicu (see https://www.staicu.org/job_post.html) who will be joining CISPA from October.

Even if you are not yet in the phase to consider the PhD, feel free to reach out and discuss options with either one of us.

Updates after exam inspection / clarification about POP

Written on 25.10.19 by Ben Stock

After the feedback from the students in the exam inspection, we have had another look at the task about server-side requests. Unfortunately, the lecture did not really discuss three names for attacks, but the sample solution contained those. We have thus decided that each correct description of an attack gives 2 points and not just 1 (for missing the name). Hence, a number of students now have more points there.

Also, regarding the POP task, I explicitly said this topic would not be covered in the exam. I only noticed the issue when looking at the graded exams. Hence, I decided that in order to get 100% of all points, you did not have to fill that task, i.e., 100% equaled 114 points. Accordingly, to pass, you needed 57 points. If you wrote an answer there, we nevertheless gave you points for correct answers.

Please see the CMS for the final results (which I will upload to LSF/HISPOS now).

Exam Inspection Location Update 2.11

Written on 23.10.19 by Marius Steffens

Since Ben is unavailable today, the exam inspection will take place in office 2.11.
Unfortunately, this office hosts at most 2 students. 

See you soon!

Backup exam #2 results and exam inspection

Written on 08.10.19 by Ben Stock

Due to a great effort by Marius and Sebastian, the exams are already graded. Please find the results in the CMS.

As I am travelling both this and all of next week, the first date we can do for the inspection is October 23 from 9 to 11. Please note that the inspection will again happen in my office, which can at most hold three students at a time.

Re-Re-exam registration

Written on 30.09.19 by Ben Stock

Please check in the LSF for your registration status. You have to be registered by 23:59 today to take the exam and also be unregistered if you don't want to take it. You cannot take the exam if you are not registered by 23:59 today (no exceptions).

Exam inspect

Written on 28.09.19 by Ben Stock

The exam inspection for the first backup exam will take place on Monday, 30.10., from 10 to 12 in my office (2.09). Please note that we will not let anyone in after 11:30, as we want to be finished by 12.

Exam results are online

Written on 18.09.19 by Ben Stock

Results are online. Please let me know if you want to take a look so I can arrange a slot.

Location change for 1st backup exam

Written on 16.09.19 by Sebastian Roth

Given the small number of people taking the backup exam on Wednesday, it will not happen in HS0.02, but instead in CISPA's lecture hall.

Access to VMs

Written on 07.08.19 by Marius Steffens

You will have access to the Websec VMs which host screecher up until the first backup exam (18.09.). After that we will shut down these VMs and you will solely have access to the Git. Similarly, we will shut down the Git after the second backup exam (07.10.).

Sample solution inspection

Written on 27.07.19 by Ben Stock

The date for the sample solution viewing is now set for Tuesday, July 30, from 13:00 to 15:00, which should not collide with exams. The inspection will happen in my office 2.09 in CISPA, meaning at any given time, at most three students can take a look at the exam.

Improving grades in backup exam

Written on 25.07.19 by Ben Stock

Yesterday in the inspection, there were several questions regarding improving one's grade in the backup exam. The Prüfungsordnung says explicitly that this must be announced at the beginning of the term. We did not announce this, hence by default, this means that the exam grade cannot be improved.

However, after lengthy discussions with both Prüfungsamt and Prüfungsausschuss, I have decided to allow improving grades in the backup exam. This is seemingly the practice for advanced lectures even in the absence of explicitly stating that the grade can be improved. I will also make sure that next year's lecture explicitly states if the grade can be improved.

Notably, though, just allowing this would create an unfairness towards those students who (knowing the examination rules) skipped the main exam to not pass with a bad grade, as just attending the backup exam would not give them the chance to improve the grade (which can only occur within the same semester). The solution is as follows: we will offer two additional exams. This way, any student who has skipped the main exam has one attempt to improve their grade, even if they pass the first backup exam. Further, any student who did not take the main exam can make an appointment with me to have a look at the main exam including solutions (essentially an exam inspection of the sample solution) within the next two weeks (until August 7). Any student who has passed the main exam can choose to join either one of the two exams. However, if you passed the exam this week and pass the first backup, you cannot take the second backup (the exam regulations specifically say you can attempt to improve once).

The date for the first of the two exams is set for September 18, 13-15 in HS 002. The second one will remain in the original slot for the backup exam, October 7, 14-16 in GHH.

TL;DR
- Two additional exams (September 18 and October 7)
- Students who passed this week can choose either to improve their grade
- Students who skipped this week can write the first exam and improve in the second

Exam inspection

Written on 23.07.19 by Ben Stock

Thanks to all for reaching out to me about the inspection. I have therefore reserved room 0.07 in the CISPA building for Wednesday. The inspection is planned from 9 to 11, but we will not let anyone new in starting from 10:45 (such that we are done by 11).

Exam results

Written on 22.07.19 by Ben Stock

... are online in the CMS. Please let me know if you plan to attend the exam inspection so I know what size room I need to reserve.

Important note: server downtime

Written on 19.07.19 by Ben Stock

Due to a scheduled maintenance of our power grid tomorrow, we have to shut down all CISPA servers tonight. This includes the CMS and the server hosting the recordings. This will hopefully be back online at some point tomorrow. Please make sure you download all materials you need to study for the exam today.

Evaluation results

Written on 19.07.19 by Ben Stock

Today I received the results of the evaluation; you can find them in the Materials section. First of all, thank you for your positive votes. Moreover, to all those who suggested improvements, another thank you for helping me to make the lecture better in the future. If you have further comments, feel free to drop them via email or the CMS.

Happy studying and see you Monday!

Final slides

Written on 17.07.19 by Ben Stock

Unfortunately, the issues Sebastian faced with his computer were actually an issue with the media system in the lecture hall. Hence, there is no recording for today's Q&A lecture - but the slides are up :)

Recordings

Written on 16.07.19 by Ben Stock

Due to the responsible admin being out for a bit, there was a delay in uploading the recordings. I have now uploaded all recordings we had (both lectures and tutorials), so please find them in the regular place.

Updated slides for Lecture #7

Written on 15.07.19 by Ben Stock

For lecture 7, I updated the slides (specifically, slide 13) to better show how ALLOW-FROM works in browsers and fixed a bug in the final entry (was "ALLOW FROM" instead of "ALLOW-FROM").

This week's Tutorial will take place on Friday

Written on 09.07.19 by Sebastian Roth

Due to the supply line works right before CISPA, the water supply for the building will be interrupted on Thursday. Thus, we have to move this week's tutorial slot from Thursday to Friday 8-10.

We hope that you are able to join us on Friday. If you cannot attend, feel free to watch the recordings of the tutorial and/or ask your questions in the AskBot.

Server downtime & Tutorial

Written on 03.07.19 by Sebastian Roth

We are experiencing a downtime of our WebSec server at the moment, the Gameserver, Gitlab, and all Screecher instances might be offline for a few hours. Sorry for that inconvenience.

Because there was no lecture and because the exercise sheet is running until next week, we will have no tutorial this week. If you encounter questions while solving the exercise sheet or if you have general questions regarding the lecture content, feel free to use the askbot or write an email to Sebastian and/or Marius.

Registration for the exam

Written on 01.07.19 by Ben Stock

Please note that due to new regulations, everyone who is not registered within a week before the exam (meaning at latest July 14th) will not be able to take the exam. Please sign up in LSF/HISPOS if you can; from time to time, I will import the information into the CMS, so your status will be visible here as well. Should your study course not allow for that, you should be able to register yourself in the CMS.

Should that not work, drop me an email.

Note again that you will not be able to take the exam if you fail to register in time.

Exercise Sheet 11 Exercise 1 Fix

Written on 28.06.19 by Sebastian Roth

Hi Folks,

The first exercise on the current exercise sheet was way harder to exploit than planned.
Thus, some actions have taken place:
  - There is a fix pushed into the screecher repos that disables the same-site cookies
  - We have removed the mime-type detection for jpgs from your attacker domain
  - Your attacker folders are no longer protected via basic-auth
Sorry for that inconvenience.  

Exercise Sheet 10 is online

Written on 19.06.19 by Sebastian Roth

Hi all,

Exercise Sheet 10 is online! For those that already started working on the exercise sheet, there was a small problem regarding the version check, thus you might need to pull again to get the newest screecher version from the repository.

Due to the public holiday there will be no tutorial this week, but we will discuss the solutions for exercise 9 next week.

Have Fun!

Better late than after..

Written on 12.06.19 by Ben Stock

The preliminary slides are online :-)

Exercise Sheet 7

Written on 29.05.19 by Marius Steffens

You can now find the newest exercise sheet in the CMS. As always: Have fun and see you next week!

Lecture slides, tutorial, and slight delay in exercise sheets

Written on 29.05.19 by Ben Stock

Due to both Marius and myself being on a trip yesterday (and today for Marius), the preliminary slides have only just been uploaded. 

Also due to this, there will be a slight delay in releasing the exercises (most likely still today, though).

Finally, as tomorrow is a public holiday, there will not be a tutorial. The solutions for the sheet from last week will be presented alongside those of this next in the tutorial on June 6th.

Alternative Lecture Slot for this Wednesday (15-05-2019)

Written on 13.05.19 by Sebastian Roth

According to the preliminary results of the Doodle, the lecture will take place at the 12-14 timeslot in the CISPA lecture hall.
For those who can not attend, we will supply the recordings of the lecture as soon as possible. 
In addition to that, the preliminary for the lecture is already available in the materials section.

Alternative Lecture Slot for this Wednesday (15-05-2019)

Written on 13.05.19 by Sebastian Roth

Due to a short notice event, the lecture hall in CISPA is unavailable at our usual timeslot.
Since we want to provide you with the recording of the lecture and the real lecture experience, we need to reschedule the lecture to one slot earlier/later.
Please fill out the following Doodle such that we know which timeframe suits you most.
Deadline: 14.05.2019 (tomorrow) 12:00
https://doodle.com/poll/fqxbva6q2xevursd

Exercise Sheet 4 online; no Tutorial today

Written on 09.05.19 by Marius Steffens

You can now find the new exercise sheet in the materials section of the CMS. As discussed yesterday in the Lecture, there will be no Tutorial today since we have no undiscussed sheet left. If there happen to be questions concerning past exercises/lecture content, please refer to the Askbot. As always: have fun with the new exercises!

Gitlab Registration

Written on 02.05.19 by Marius Steffens

Apparently, some folks registered in our Gitlab, which was not intended; we have also disabled registration altogether now.

You can log in with your CMS username and your secret displayed in the CMS as password; there will be a project called screecher waiting for you.

Any self-registered account will not work for our projects. 

Tutorial Tomorrow

Written on 01.05.19 by Marius Steffens

Tomorrow we will have the first regular Tutorial in CISPA's lecture hall starting at 8:30. We will discuss the past project, but as usual you can ask questions to previous contents of the lecture.

Changes to Exercise Sheet 3

Written on 24.04.19 by Sebastian Roth

In some cases, the ssh config which you should use to clone the GitLab is not working. If so, add the 'IdentityFile ~/.ssh/websec19' to your ssh config. The exercise sheet has been updated accordingly.

Exercise Sheet is online!

Written on 24.04.19 by Sebastian Roth

Exercise Sheet 3 as well as the solution for Exercise Sheet 2 are online now.

In addition to that all parts of the infrastructure which you need for this exercise sheet should work fine.

Have Fun!

Tutorial Slot

Written on 23.04.19 by Sebastian Roth

The Doodle has spoken! Thus, the Tutorial will take place every Thursday 8:30 - 10 in the CISPA Lecture Hall.
We will explain topics regarding the current project, answer questions, and if there are any solutions, we will present them to you.
See you all on Wednesday for the Django 101 Lecture.

Lecture slides online

Written on 15.04.19 by Ben Stock

As part of an experiment I want to run, I have uploaded the slides for Wednesday's lecture so you can take notes on them. I have removed the quiz answers, but feel free to think about them beforehand :)

Lecture recordings and tutorial date

Written on 10.04.19 by Ben Stock

The information on how lecture recordings can be accessed is available through the CMS at https://cms.cispa.saarland/websec19/4/Lecture_Recordings

The doodle for the tutorial slot is available at https://doodle.com/poll/syfirvezgkku6k7b

Finally, should you decide to not take the course, please let us know so we can unregister you. Due to hardware restrictions, we can only provide 80 VMs and only students enrolled in the CMS will get a VM. For now, there are 75 students signed up for the course.

First lecture

Written on 09.04.19 by Ben Stock

The first lecture will commence tomorrow at 10:15 in the CISPA lecture hall. If you haven't been to CISPA before, to get to the lecture hall, please turn left when you enter the building and just go straight ahead. 
