CISPA is currently in the founding process to join the German Helmholtz Association as a new member. It is consequently undergoing significant organizational changes, which are not yet reflected on this webpage.

For further information on the above-mentioned founding process, please refer to the official press release by the State Chancellery of Saarland.

Recent News on the Transformation Process


The location of the first construction phase has been agreed upon. For further information, please refer to the official press release.

Ben Stock
Dr.-Ing. | Faculty

  • Secure Web Applications
  • Building E9 1, Room 3.19
  • +49 681 302 57377
  • stock(aeht)cs.uni-saarland.de
  • Personal Webpage

Curriculum Vitae

Personal Information

I am a research group leader at the Center for IT-Security, Privacy and Accountability (CISPA) at Saarland University. Prior to that, I was a postdoctoral researcher at CISPA in the group of Michael Backes. Before joining CISPA, I was a PhD student and research fellow at the Security Research Group of the University Erlangen-Nuremberg, supervised by Felix Freiling. During that time, I was fortunate enough to join Ben Livshits and Ben Zorn at Microsoft Research in Redmond for an internship.
I offer theses in the general area of Web and network security. If you are interested in these areas, please contact me to discuss potential topics.



Efficient and Flexible Discovery of PHP Application Vulnerabilities

How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security


On the Feasibility of TTL-based Filtering for DRDoS Mitigation

Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification

Kizzle: A Signature Compiler for Detecting Exploit Kits


From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting

The Unexpected Dangers of Dynamic JavaScript


Precise Client-side Protection against DOM-based Cross-Site Scripting

Protecting Users Against XSS-based Password Manager Abuse

DOM-basiertes Cross-Site Scripting im Web: Reise in ein unerforschtes Land.


25 Million Flows Later - Large-scale Detection of DOM-based XSS

Eradicating DNS Rebinding with the Extended Same-Origin Policy

Implementing low-level browser-based security functionality


Walowdac-analysis of a peer-to-peer botnet