The Secure Web Applications Group conducts research in the area of Web Security in general. To familiarize yourself with the work our group does, please checkout this page.

Want to join the Secure Web Applications Group as a PhD student? Great! We have a challenge for you first, though. Note that any applications without a solution will not be considered.

There is a hip new portal for owl dating that is privacy-friendly. Owley Madison does not simply store your contacts on the server where they might get compromised, but instead uses client-side storage for ensure privacy. We know that you can send URLs to a victim user (through https://gameserver.websec.saarland/owley, use CAPTCHA SWAG{crawler}), but you will have to find a way to steal his secret. We know that he likes to share it in the chat with his favorite owl, so maybe there is something you can find out there?

Can you steal the flag that the crawler owl inputs to its Owley chat partner? You will have to install a keylogger on the chat page, but the creators made sure to put all the functionality on separate subdomains to defend against XSS, so it may be necessary to abuse a SOP relaxation mechanism to correctly place your payload.

Once you have the solution, briefly explain how you achieved it and put the flag into your cover letter. Note that any applications without that flag will not be considered. In case of questions about the task, contact Ben Stock directly.

Apply now

Application Process

Qualified candidates who wish to pursue a doctoral degree in a research area covered by CISPA faculty may apply at any time. We will accept applications throughout the year for exceptionally strong candidates. Admitted applicants will have an opportunity to visit the center and its partner institutions and interact with faculty and students before making their decision. Admitted students are advised by CISPA faculty. All doctoral researchers at CISPA will be a member of a graduate program at our partnering degree-granting universities. For example, PhD Students in Saarbrücken are part of the S aarbrücken Graduate School of Computer Science at Saarland University , with whom we have a long-standing close collaboration.

CISPA is committed to increasing the representation of women, minorities, and individuals with disability in Computer Science. In accordance with the Equal Opportunity Plan, CISPA aims at increasing the number of women in Computer Science, and explicitly encourages women to apply. Applications of severely disabled candidates with equivalent qualifications will be given priority. In general, we welcome applications regardless of gender, nationality, ethnic and social origin, religion/belief, disability, age, sexual orientation and identity.

In case of interest in working at CISPA, please press the "Apply now" button at the end of the page. Please upload your documents in PDF format on our application platform. Applications via email cannot be accepted.

For any questions regarding the application process, please contact us at applications@cispa.de.

About CISPA

CISPA Helmholtz Center for Information Security is a German national Science Institution within the Helmholtz Association and provides a unique work environment that offers the advantage of a university department and a research laboratory alike. CISPA's mission is to rethink the digitized world of the future from the ground on up an make it safer through innovative cutting-edge research. CISPA is committed to the highest international academic standards. We offer a world-class research environment that grants extensive resources to a wide range of researchers and constitutes an attractive destination for the best talents and scientists from all countries. CISPA provides a highly international and diverse working environment, currently hosting researchers of over 40 nationalities.

CISPA headquarter is located in Saarbrücken, in the tri-border area of Germany, France and Luxembourg. The CISPA campus is located close to Saarland University, which is known for its excellence in Computer Science, the Max Planck Institute for Informatics, the Max Planck Institute for Software Systems, and the German Research Center for Artificial Intelligence (DFKI).

For more information about CISPA, see https://cispa.de/en

All information on the processing of your personal data, your statements in the application process and your data privacy rights can be found in our data privacy policy .