Research Staff, Munich, Full-time, Technische Universität München | PhD Students, Saarbrücken, Full-time, CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH | Bioprocess Engineer USP (m/f/d), Heidelberg, Full-time, Octapharma
CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH
The Secure Web Applications Group conducts research in the area of Web Security in general. To familiarize yourself with the work our group does, please check out this page.
Want to join the Secure Web Applications Group as a PhD student? Great! We have a challenge for you first, though. Note that any applications without a solution will not be considered.
There is a hip new portal for owl dating that is privacy-friendly. Owley Madison does not simply store your contacts on the server where they might get compromised, but instead uses client-side storage to ensure privacy. We know that you can send URLs to a victim user (through https://gameserver.websec.saarland/owley, use CAPTCHA SWAG{crawler}), but you will have to find a way to steal his secret. We know that he likes to share it in the chat with his favorite owl, so maybe there is something you can find out there?
Can you steal the flag that the crawler owl inputs to its Owley chat partner? You will have to install a keylogger on the chat page, but the creators made sure to put all the functionality on separate subdomains to defend against XSS, so it may be necessary to abuse a SOP relaxation mechanism to correctly place your payload.
Looking for some inspiration on what to do? Possibly this paper, that one, and finally not trusting the locals might be beneficial.
Once you have the solution, briefly explain how you achieved it and put the flag into your cover letter. Note that any applications without that flag will not be considered. In case of questions about the task, contact Ben Stock directly.
Strong background in computer security, with a specific focus on Web Security. Having played CTFs helps, but is not required.
Programming skills. It helps to have good programming skills in Python and JavaScript.
Excellent English, but no German! CISPA is a fully international research institute. Knowing German is really not necessary, although daily life is a bit smoother if you speak a few words and if you want to learn German, we offer free courses.
Qualified candidates who wish to pursue a doctoral degree in a research area covered by CISPA faculty may apply at any time. We will accept applications throughout the year for exceptionally strong candidates. Admitted applicants will have an opportunity to visit the center and its partner institutions and interact with faculty and students before making their decision. Admitted students are advised by CISPA faculty. All doctoral researchers at CISPA will be members of a graduate program at our partnering degree-granting universities. For example, PhD Students in Saarbrücken are part