News

Currently, no news are available

The Web Security Seminar

For registration, please apply for this seminar through the central seminar assignment system.

The Web Security Seminar will teach students to present, analyze, discuss, and summarize papers in different areas of Web security. The seminar combines a reading group with (almost) weekly meetings and a regular seminar, where students will write a seminar paper.

Each student will get a topic assigned, consisting of a lead and a follow-up paper. The student will present the follow-up paper in a 20-minute presentation followed by a 10-minute Q&A. Afterwards we will all discuss the lead paper as a reading group. All students must read the lead paper and, before each session, must submit a summary with strengths and weaknesses.

Finally, each student will write a seminar paper on the topic assigned to them, for which the two papers serve as the starting point.

New this years: Any use of LLMs/GenAI is strictly forbidden for producing or polishing the text of the seminar papers. We will thoroughly investigate any suspicious text we find in the submitted manuscripts, e.g., via an oral exam in which the student is invited to explain the text.

 

Important Details

  • Kickoff on Monday, 21.10.2024, 10:15-12:00, CISPA main building, room 0.07
  • (Semi) Regular seminar sessions on Mondays. First session is on Monday, 04.11.2024, 10:15-12:00
  • Each Friday at 11:59 before each session, submit the paper summary (one page max) with discussion points: three items for the strengths, three items for the weaknesses, and future work
  • Optional feedback round before your session (arrange exact time with your supervisor)
  • Attendance in all meetings and submission of summary and discussion points for each topic is mandatory. For exceptional cases, contact the teaching staff.
  • Note that we will not offer a hybrid solution: We plan to have in-person, weekly, seminar meetings during the semester.

 

Seminar Paper Details

We will cover the different types of seminar paper during the kickoff session.

All seminar papers are due on (see below). Based on your submission, you will receive feedback within one week and have until (see below) to improve your paper. The paper grading will be on the final version. Note that the first submission must already be sufficient to pass. If you submit a half-baked version of the paper, you will likely fail the course.

Each paper must use the provided template and all the text must be written via Overleaf in a project monitored by the organizers of the seminar. It must not be longer than 8 pages, not counting references and appendices. Note that appendices are not meant to provide information that is absolutely necessary to understand the paper, but rather to provide auxiliary material. Papers can be shorter, but in general the provided page limit is a good indicator of how long a paper should be.

 

Schedule, List of Topics, and Papers

Date Time Content Tutor Main paper (discussed) Follow-up papers (presented)
21.10.24 10:00-12:00 Kickoff - - -
28.10.24   (break)      

04.11.24

(Different room: 0.05 lecture hall)

10:00-12:00 Automatic Exploit Generation Cris Test Suites Guided Vulnerability Validation for Node.js Applications NODEMEDIC-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities
11.11.24 10:00-12:00 Browser Extensions Fingerprinting Shubham Peeking through the window: Fingerprinting Browser Extensions through Page-Visible Execution Traces and Interactions Escaping the Confines of Time: Continuous Browser Extension Fingerprinting Through Ephemeral Modifications
18.11.24 10:00-12:00 Detection of Malicious Web Extensions Valentino Mystique: Uncovering Information Leakage from Browser Extensions You’ve Changed: Detecting Malicious Browser Extensions through their Update Deltas
25.11.24 10:00-12:00 (Geo)Location-based Accessibility Hurdles Masud Digital Discrimination of Users in Sanctioned States: The Case of the Cuba Embargo Measuring the Deployment of Network Censorship Filters at Global Scale
02.12.24 10:00-12:00 Access Control Vulnerabilities in Web Applications Alex Finding Access Control Bugs in Web Applications with CanCheck Automated Black Box Detection of HTTP GET Request-based Access Control Vulnerabilities in Web Applications

09.12.24

(Different room: 0.05 lecture hall)

10:00-12:00 The LoggedIn Web: A New Security Frontier Jannis To Auth or Not To Auth? A Comparative Analysis of the Pre- and Post-Login Security Landscape A Large-Scale Measurement of Website Login Policies
16.12.24 10:00-12:00 Type Confusion in Gradually Typed Languages Dominic Typed and Confused: Studying the Unexpected Dangers of Gradual Typing TypeDevil: Dynamic Type Inconsistency Analysis for JavaScript
23.12.24   (break)      
30.12.24   (break)      
06.01.25 10:00-12:00 Drafts Discussion      
13.01.25 10:00-12:00 Security and Privacy Implications of JavaScript Bundling Cris Jack-in-the-box: An Empirical Study of JavaScript Bundling on the Web and its Security Implications Unbundle-Rewrite-Rebundle: Runtime Detection and Rewriting of Privacy-Harming Code in JavaScript Bundles
20.01.25 10:00-12:00 Phishing Detection Giada Knowledge Expansion and Counterfactual Interaction for Reference-Based Phishing Detection KnowPhish: Large Language Models Meet Multimodal Knowledge Graphs for Enhancing Reference-Based Phishing Detection
27.01.25 10:00-12:00 Security of Emerging JavaScript Runtimes Abdullah Welcome to Jurassic Park: A Comprehensive Study of Security Risks in Deno and its Ecosystem GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes
03.02.25 10:00-12:00 Web Security for Visually Impaired Users Andrea A Research Framework and Initial Study of Browser Security for the Visually Impaired "I'm Literally Just Hoping This Will Work: " Obstacles Blocking the Online Security and Privacy of Users with Visual Disabilities
Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.