E-mail senden E-Mail Adresse kopieren
© Tobias Ebelshäuser


Secure Web Applications Group

The Secure Web Applications Group (or SWAG, for short) conducts its research in all areas related to Web Security. Of particular focus is research around client-side security, in the detection, analysis, and mitigation of attacks around JavaScript. In addition, we research how to best communicate discovered vulnerabilities to affected operators. Furthermore, we investigate how malicious JavaScript may adversely affect users on the Web, researching both novel ways of detecting such scripts and attacking existing defensive solutions.


Ben Stock



Kaiserstraße 21
66386 St. Ingbert (Germany)

Neueste Veröffentlichungen

Jahr 2022

Konferenz / Medium

ACM CCS 2022The 29th ACM Conference on Computer and Communications Security (CCS)

Konferenz / Medium

The 29th ACM Conference on Computer and Communications Security (CCS)The 29th ACM Conference on Computer and Communications Security (CCS)

Konferenz / Medium

ACM Internet Measurement ConferenceACM Internet Measurement Conference

Konferenz / Medium

31st USENIX Security Symposium31st USENIX Security Symposium

Konferenz / Medium

IEEE European Symposium on Security and PrivacyIEEE European Symposium on Security and Privacy



The Web is arguably the most popular platform for information exchange today. To allow for a better user experience, much functionality is shifted towards the client. This shift also increases the complexity of client-side code and hence the attack surface (Stock et al. 2017). This can be exhibited in increased vulnerabilities such as Client-Side Cross-Site Scripting (Lekies, Stock, and Johns 2013). We therefore try to better understand these issues (Stock et al. 2015; Steffens et al. 2019) and develop and evaluate potential solutions (Stock et al. 2014; Musch et al. 2019). In general, our research investigates all types of client-side Web security, including areas such as CSP (Roth et al. 2020; Roth, Backes, and Stock 2020) and framing control (Calzavara et al. 2020).

Although detection of many types of web-based flaws has been in the focus of researchers over the previous years, notifying affected parties barely got any attention. For this project, we try to identify potential channels for notification and evaluate their effectiveness (Stock et al. 2016). Also, we try to improve not only on technical measures like avoiding spam filters, but also try to understand the human aspects of a notification, such as how different wording might influence the success of a notification. (Stock et al. 2018)

With its prevalence in the browser, JavaScript also makes for a prime target for attackers. Therefore, our group researches new ways of detecting malicious JavaScript in the wild. Specifically, this subsumes work in which we automatically generate signatures for exploit kits, alleviating the burden of malware analysists (Stock, Livshits, and Zorn 2016). In addition, our work focusses on detection of malicious JavaScript in general through methods of machine learning (Fass et al. 2018; Fass, Backes, and Stock 2019) and novel ways of bypassing existing static analysis tools (Fass, Backes, and Stock 2019).