Grades are on LSF

Written on 25.08.23 by Giancarlo Pellegrino

All - grades are on LSF.


Draft submission feedback now visible

Written on 19.07.23 by Giancarlo Pellegrino

As per title: tutors' feedback is now visible! Your next deadline is on 12.08.23.

Tutor session on July 5

Written on 04.07.23 (last change on 04.07.23) by Giancarlo Pellegrino

(edit: forgot a "NOT")

Dear students,

Inform your tutor if you are going to attend tomorrow's session. These are the email addresses of our tutors:

  • Andrea:
  • Aleksei:
  • Gianluca:
  • Giada:
  • Soheil:

Please note that no email means you will NOT participate.


Topic assignment done. First session on May 3!

Written on 19.04.23 by Giancarlo Pellegrino

All - the topic assignment is done. You can find it here.

Please note that there's been a slight adjustment of our schedule and the first meeting is on May 3, topic Security and Privacy in WebXR.

See you in two weeks! 

Seminar assignment and topic preference

Written on 17.04.23 by Giancarlo Pellegrino

@all - small update. The seminar assignments will happen tomorrow, Tue Apr 18. As soon as you are assigned to this seminar, send me your topic selection.



The Web Security Seminar

For registration, please apply for this seminar through the central seminar assignment system.


In this seminar, students will learn to present, analyze, discuss, and summarize papers in different areas of Web security. The seminar is taught as a combination of a reading group with weekly meetings and a regular seminar, where you have to write a seminar paper. Specifically, each student will get a single topic assigned to them, consisting of two papers (a lead and follow-up paper).

For the (almost) weekly meetings, all students must read the lead paper and write a one-page summary of the paper, including discussion points, before the meeting. In the meeting, the assigned student will present the follow-up paper (20-minute presentation + 10-minute Q/A). Afterward, the entire group will discuss both papers.

Finally, each student will write a seminar paper on the assigned topic, for which the two papers on the topic serve as the starting point.


Important Details

  • Kickoff on Wednesday, 12.04.2023, 14:00-16:00, CISPA main building, room 0.02
  • (Semi) Regular seminar sessions on Wednesdays. First session is on Wednesday, 03.05.2023, 14:00-16:00 (originally planned for Wednesday, 26.04.2023, 14:00-16:00)
  • Each Tuesday at 23:59 before each session, submit the paper summary (one page max) with discussion points: three items for the strengths, three items for the weaknesses, and future work
  • Optional feedback round/practice talk on Thursday before the presentation (arrange exact time with supervisor)
  • Attendance in all meetings and submission of summary and discussion points for each topic is mandatory. For exceptional cases, contact the teaching staff.
  • Note that we will not offer a hybrid solution. We plan to have in-person meetings as long as possible and switch to fully online if the need arises.

Seminar Paper Details

We will cover the different types of seminar paper during the kickoff session.

All seminar papers are due on (see below). Based on your submission, you will receive feedback within one week and have until (see below) to improve your paper. The paper grading will be on the final version. Note that the first submission must already be sufficient to pass. If you submit a half-baked version of the paper, you will likely fail the course.

Each paper must use the provided template. It must not be longer than 8 pages, not counting references and appendices. Note that appendices are not meant to provide information that is absolutely necessary to understand the paper, but rather to provide auxiliary material. Papers can be shorter, but in general the provided page limit is a good indicator of how long a paper should be.


Schedule, List of Topics, and Papers

Date Time Content More info
2023-04-12 14:00-16:00 Kickoff meeting  
2023-04-19 - (break)
2023-04-26 14:00-16:00 Session 1 (cancelled) Topic: Account (Pre)Hijacking Attacks
Tutor: Soheil
Main paper (discussion): O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web.
Follow-up paper (presented): Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web.
2023-05-03 14:00-16:00 Session 2 Topic: Third-party Inclusions in WebXR
Tutor: Andrea
Main paper (discussion): OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR
Follow-up paper (presented): AdCube: WebVR Ad Fraud and Practical Confinement of Third-Party Ads.
2023-05-10 14:00-16:00 Session 3 Topic: Finding Web Vulnerabilities with ML
Tutor: Gianluca
Main paper (discussion): Mitch: A Machine Learning Approach to the Black-Box Detection of CSRF Vulnerabilities.
Follow-up paper (presented): Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement Learning.
2023-05-17 14:15-16:00 First meeting w/ tutors  
2023-05-24 - (break)  
2023-05-31 - (break)  
2023-06-07 14:15-16:00 Session 4 Topic: Phishing Detection via UI
Tutor: Giada
Main paper (discussion): Inferring phishing intention via webpage appearance and dynamics: A deep vision based approach.
Follow-up paper (presented): PhishInPatterns: measuring elicited user interactions at scale on phishing websites.
2023-06-14 14:15-16:00 Session 5 Topic: Black-Box Web Application Scanning
Tutor: Aleksei
Main paper (discussion): Black widow: Blackbox data-driven web scanning.
Follow-up paper (presented): ReScan: A Middleware Framework for Realistic and Robust Black-box Web Application Scanning.
2023-06-21 14:15-16:00 Session 6 Topic: Anti-Bot Evasion in Phishing Webpages
Tutor: Giada
Main paper (discussion): Are you human? resilience of phishing detection to evasion techniques based on human verification.
Follow-up paper (presented): A Human in Every APE: Delineating and Evaluating the Human Analysis Systems of Anti-Phishing Entities.
2023-06-28 14:15-16:00 Session 7 Topic: XS-Leaks Detection
Tutor: Soheil
Main paper (discussion): Cross-origin state inference (COSI) attacks: Leaking web site states through xs-leaks.
Follow-up paper (presented): The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web
2023-07-05 14:15-16:00 Second meeting w/ tutors  
2023-07-12 - Draft report deadline  
2023-08-12 - Final report deadline  