Send email Copy Email Address
Research Group

Stock

Secure Web Applications Group

The Secure Web Applications Group (or SWAG, for short) conducts its research in all areas related to Web Security. Of particular focus is research around client-side security, in the detection, analysis, and mitigation of attacks around JavaScript. In addition, we research how to best communicate discovered vulnerabilities to affected operators. Furthermore, we investigate how malicious JavaScript may adversely affect users on the Web, researching both novel ways of detecting such scripts and attacking existing defensive solutions. Want to work with us? See the details for PhD students, thesis students, and student helper at our jobs page.

Head of Group

Ben Stock

Email

Address

Kaiserstraße 21
66386 St. Ingbert (Germany)

Members

Kristina Mitkov

Jannis Rautenstrauch

Florian Hantke
Placeholder

Lea Vorndran

Ali Mustafa

Most Recent Publications

Year 2026

2026-05-18

LeakyLinks: Measuring the Security and Privacy Risks of URL Scanning Services

Conference / Medium

IEEE Symposium on Security and Privacy (S&P)
LeakyLinks: Measuring the Security and Privacy Risks of URL Scanning Services

Tags
Authors
Full Paper Visit Detail Page

Year 2025

2025-12-22

VDPCollect: Vulnerability Disclosure Programs as a Complement to Web Security Measurements

Conference / Medium

ACM ASIA Conference on Computer and Communications Security (AsiaCCS)
VDPCollect: Vulnerability Disclosure Programs as a Complement to Web Security Measurements

Tags
Authors
Full Paper Visit Detail Page
2025-10-28

A Permissions Odyssey: A Systematic Study of Browser Permissions on Modern Websites

Conference / Medium

ACM Internet Measurement Conference (IMC)
A Permissions Odyssey: A Systematic Study of Browser Permissions on Modern Websites

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2025-10-14

Behind the Curtain: A Server-Side View of Web Session Security

Conference / Medium

IEEE Cybersecurity Development (SecDev)
Behind the Curtain: A Server-Side View of Web Session Security

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2025-10-13

Head(er)s Up! Detecting Security Header Inconsistencies in Browsers

Conference / Medium

ACM Conference on Computer and Communications Security (CCS)
Head(er)s Up! Detecting Security Header Inconsistencies in Browsers

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page