News

Seminar Registration on LSF

Written on 23.04.25 by Shubham Agarwal

Dear all,

Please do not forget to register for the seminar on the LSF Portal before 07.05.2025. Note that it is a mandatory step to successfully obtain the corresponding grades in the end.

See you all next week (29.04.2025).

Best

The Web Security Seminar Team

Assignments uploaded

Written on 16.04.25 by Cristian-Alexandru Staicu

Dear all,

Thank you for providing your topic preferences on time. Please find the assignments on the main page of the seminar (in the detailed schedule part). Do not hesitate to reach out to your tutor for clarifications regarding the paper's objective or structure.

See you all on the 29th of April!

Best,

The Web Security Seminar Team

Kickoff slides

Written on 15.04.25 by Aurore Fass

Dear all,

The slides from the kickoff presentation are now online, here: https://cms.cispa.saarland/websecsem_sose25/dl/5/Kickoff_Slides.pdf

Please, remember to bid *tonight* April 15 before 23:59 and email your top 3 preferred topics to staicu@cispa.de.

Best,

Aurore

The Web Security Seminar

For registration, please apply for this seminar through the central seminar assignment system.

The Web Security Seminar will teach students to present, analyze, discuss, and summarize papers in different areas of Web security. The seminar combines a reading group with (almost) weekly meetings and a regular seminar, where students will write a seminar paper.

Each student will get a topic assigned, consisting of a lead and a follow-up paper. The student will present the follow-up paper in a 20-minute presentation followed by a 10-minute Q&A. Afterwards we will all discuss the lead paper as a reading group. All students must read the lead paper and, before each session, must submit a summary with strengths and weaknesses.

Finally, each student will write a seminar paper on the assigned topic, for which the two papers serve as the starting point. Special attention should be paid to fulfilling the seminar paper's objective.

Any use of LLMs/GenAI is strictly forbidden for producing or polishing the text of the seminar papers. We will thoroughly investigate any suspicious text we find in the submitted manuscripts, e.g., via an oral exam in which the student is invited to explain the text.

Important Details

  • Kickoff on Tuesday, 15.04.2025, 12:15-14:00, CISPA main building, room 0.07
  • (Semi) Regular seminar sessions on Tuesday. First session is on Tuesday, 29.04.2025, 12:15-14:00
  • Each Sunday at 23:59 before each session, submit the paper summary (one page max) with discussion points: three items for the strengths, three items for the weaknesses, and future work
  • Optional feedback round before your session (arrange exact time with your supervisor)
  • Attendance in all meetings and submission of summary and discussion points for each topic is mandatory. For exceptional cases, contact the teaching staff.
  • Note that we will not offer a hybrid solution: We plan to have in-person, weekly, seminar meetings during the semester.

Seminar Paper Details

We will cover the different types of seminar paper during the kickoff session.

All seminar papers are due on (see below). Based on your submission, you will receive feedback within one week and have until (see below) to improve your paper. The paper grading will be on the final version. Note that the first submission must already be sufficient to pass. If you submit a half-baked version of the paper, you will likely fail the course.

Each paper must use the provided template and all the text must be written via Overleaf in a project monitored by the organizers of the seminar. It must not be longer than 8 pages, not counting references and appendices. Note that appendices are not meant to provide information that is absolutely necessary to understand the paper, but rather to provide auxiliary material. Papers can be shorter, but in general the provided page limit is a good indicator of how long a paper should be.

Schedule, List of Topics, and Papers

| Date | Time | Content | Tutor | Main paper (discussed) | Follow-up papers (presented) |
|---|---|---|---|---|---|
| 15.04.25 | 12:15-14:00 | Kickoff | - | - | - |
| 22.04.25 | | (break) | | | |
| 29.04.25 | 12:15-14:00 | Electron Application Security (Madhur Mansukhbhai) | Shubham | A Security Study about Electron Applications and a Programming Methodology to Tame DOM Functionalities | Rise of Inspectron: Automated Black-box Auditing of Cross-platform Electron Apps |
| 06.05.25 | 12:15-14:00 | Offensive and Defensive Security with Service Workers (Bushra) | Dolière | Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation | SWAPP: A New Programmable Playground for Web Application Security |
| 13.05.25 | 12:15-14:00 | Web Security Scanners (Amr) | Alex | YuraScanner: Leveraging LLMs for Task-driven Web App Scanning | Black Widow: Blackbox Data-driven Web Scanning |
| 20.05.25 | 12:15-14:00 | Implications of Digital Disparities on Web Security and Privacy (Athul) | Masud | Digital Disparities: A Comparative Web Measurement Study Across Economic Boundaries | Dissecting Privacy Perspectives of Websites Around the World: "Aceptar Todo, Alle Akzeptieren, Accept All..." |
| 27.05.25 | 12:15-14:00 | The Dangers of Shared State in Extended Reality Environment (Esha) | Andrea | The Big Brother's New Playground: Unmasking the Illusion of Privacy in Web Metaverses from a Malicious User's Perspective | That Doesn't Go There: Attacks on Shared State in Multi-User Augmented Reality Applications |
| 03.06.25 (Different room: TBA) | 12:15-14:00 | Detection of Malicious Browser Extensions (Chang) | Valentino | Arcanum: Detecting and Evaluating the Privacy Risks of Browser Extensions on Web Pages and Web Content | You've Changed: Detecting Malicious Browser Extensions through their Update Deltas |
| 10.06.25 | 12:15-14:00 | Security of Emerging JavaScript Runtimes (Davide) | Abdullah | Welcome to Jurassic Park: A Comprehensive Study of Security Risks in Deno and its Ecosystem | GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes |
| 17.06.25 | 12:15-14:00 | Type Confusion in Gradually Typed Languages (Laith) | Dominic | Typed and Confused: Studying the Unexpected Dangers of Gradual Typing | TypeDevil: Dynamic Type Inconsistency Analysis for JavaScript |
| 24.06.25 | 12:15-14:00 | Security and Privacy of Multilingual Web (Christina) | Cris | Trojan Source: Invisible Vulnerabilities | Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users |
| 01.07.25 | 12:15-14:00 | AI-Based Analysis (Abhishek Reddy) | Gianluca | Mitch: A Machine Learning Approach to the Black-Box Detection of CSRF Vulnerabilities | Link: Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement Learning |
| 08.07.25 | 12:15-14:00 | Access Control Vulnerabilities in Web Applications | Alex | Finding Access Control Bugs in Web Applications with CanCheck | Automated Black Box Detection of HTTP GET Request-based Access Control Vulnerabilities in Web Applications |
| 15.07.25 | 12:15-14:00 | Automatic Exploit Generation | Dominic | Test Suites Guided Vulnerability Validation for Node.js Applications | NODEMEDIC-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities |