Episode 30 of CISPA TL;DR: Server-Side-Scanning with Florian Hantke

In this episode, web security researcher Florian Hantke explains why the majority of web vulnerabilities have so far been hard to investigate scientifically: they are on the server side. Targeted server-side scanning by researchers could expose sensitive data on the one hand and lead to server downtime and thus financial losses on the other, which makes the process problematic both legally and ethically. As a consequence, many vulnerabilities remain undiscovered and could therefore be exploited by attackers.

In discussions with legal scholars, server operators and ethicists, Florian has gained valuable new insights. He hopes that in the future there will be a clear legal framework within which researchers will also be allowed to search for vulnerabilities on the server side in order to draw the attention of operators to security gaps. However, the legal situation is not the only obstacle on the path to greater web security. In the podcast, Florian explains what other hurdles there are. The conversation was recorded in German. Have fun listening!

TL;DR, short for "Too Long Didn't Read", is the name of the CISPA podcast, with "Women in Cybersecurity" as a special edition. We have been on air since 2022 and are available on all major podcast platforms. Every month, we talk to CISPA researchers about their work on cybersecurity topics and artificial intelligence and try to ask them exactly the questions that listeners are asking themselves. Our aim is to explain complex topics in simple language. Since people from 49 nations work at CISPA, the conversations alternate between German and English.

