David K. (@ncd_leen)'s Twitter Profile
David K.

@ncd_leen

where is my mind?

IT security research @tuBraunschweig

Interested in, e.g., web security, input validation, enforcement of security and privacy properties

ID: 279443677

09-04-2011 08:21:45

63 Tweet

55 Followers

258 Following

RuhrSec – IT Security Conference (@ruhrsec)

Sanitizer functions can be used to mitigate malicious code. Watch David Klein share his insights about custom JavaScript sanitizer functions. RuhrSec Ticketshop - Get your ticket now! 👉 ruhrsec.de/2023/tickets.h… 🌐 ruhrsec.de/2023/ #itsecurity #conference #Java #ITtalk

RuhrSec – IT Security Conference (@ruhrsec)

We are excited to announce our next speaker: "Server-Side Browsers: Exploring the Web’s Hidden Attack Surface" by MariusM. Conference program, more information and details on our website: 🌐 ruhrsec.de/2023/ #itsecurity #itsicherheit #cybersicherheit #conference

RuhrSec – IT Security Conference (@ruhrsec)

And now catch up on: "Hand Sanitizers in the Wild: A Large-Scale Study of Custom JavaScript Sanitizer Functions" by David Klein. Conference program, more information and details on our website: 🌐 ruhrsec.de/2023/ #itsecurity #itsicherheit #cybersicherheit #conference

Thibaut Mattio (@tmattio_)

I'm considering launching OCaml Meetups in various major cities in Europe (for now). I'm looking for OCaml enthusiasts to co-host these Meetups. Interested? Send me a DM and let's chat! RTs are appreciated!

Aanjhan Ranganathan (@tuxmaniac)

Big change coming to USENIX Security starting 2025. "Starting with USENIX Security '25, we will be decoupling paper publication from paper presentation, so not all papers will have full-length talk presentations at the conference." usenix.org/blog/2023-usen…

\/era🌻 (@eramm314)

The 3rd Workshop on Rethinking Malware Analysis (WoRMA) will be co-located with EuroS&P 2024, in Vienna, Austria ☕️🏛️🏔️. Submit your work, be that novel technical research or a position/open-problem paper! worma.gitlab.io/2024/

jason polakis (@jpolakis)

The call for papers of the #SecWeb workshop (co-located with IEEE Security and Privacy) is now online! The deadline is in 1 month. Please consider submitting your web security and privacy research here! secweb.work/2024.html cc Marco Squarcina

Moritz Schloegel (@m_u00d8)

Fuzzing is hard, evaluating fuzzing is harder 🔥 For our new IEEE S&P paper, we studied 150 fuzzing evals and found issues such as lackluster documentation, bad experiment setups, or questionable CVEs 📄 Paper mschloegel.me/paper/schloege… 🔧 Help us fix this github.com/fuzz-evaluator…

David K. (@ncd_leen)

Hey Marco Squarcina, the self nomination link for Madweb 2025 is broken. Looks like the markdown conversion failed and the URL points to the form for 24.

Sonar Research (@sonar_research)

The reason most PHP-based HTML sanitizers are inherently vulnerable to bypasses is just the tip of the iceberg🥶. Check out our latest blog post to learn why server-side sanitization is doomed to fail. sonarsource.com/blog/sanitize-… #appsec #security #vulnerability #php

RuhrSec – IT Security Conference (@ruhrsec)

🚀 Check out the #RuhrSec 2025 program! 💡 14 expert talks are waiting for you. 🎟️ Don’t miss out—get your ticket now and join us! 👉 ruhrsec.de/2025/tickets.h… #itsecurity #itsicherheit #cybersecurity #cybersicherheit #itsecurityconference #bochum #NRW

slonser (@slonser_)

This year, there has been a lot of great research about HTML and sanitizers. I finally decided to organize my scripts to one package and am ready to present the HTML Universal Identifier (HUI). It's still a pretty raw version, but here it is: github.com/Slonser/hui

David K. (@ncd_leen)

Just returned from #BHEU. I presented my research on how server-side HTML sanitization is a security nightmare due to the mess that is HTML parsing. Huge thanks to Black Hat, Vandana Verma, and all the other great folks who made this such an amazing experience.

USENIX WOOT Conference on Offensive Technologies (@wootsecurity)

USENIX WOOT Conference on Offensive Technologies 2025 (WOOT '25) CFP is online! Deadlines: - Up-and-coming track: March 4th, 2025 - Academic track: March 11, 2025 usenix.org/conference/woo…

CASA - Cluster of Excellence for Cyber Security (@casa_exc)

At the beginning of December, CASA PhD David Klein was at BlackHat Europe (@BlackHatEvents) to present ‘Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials’. Of course, the Casafant joined this talk. Full paper ➡️ ias.cs.tu-bs.de/publications/p…

James Kettle (@albinowax)

Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10-w…

RuhrSec – IT Security Conference (@ruhrsec)

The amazing last talk for today: "Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials." by David K.. 🌐 #RuhrSec Website ruhrsec.de/2025/ 📖 RuhrSec Program ruhrsec.de/2025/index.htm… #itsecurity #itsicherheit #cybersecurity

Daniel Weber (@weber_daniel)

Heading to Black Hat Asia now! Leon Trampert and I will give a briefing about deanonymizing users not only on the web but also in their email clients! #BHASIA

RuhrSec – IT Security Conference (@ruhrsec)

Enjoy our great speakers in action with Keynotes by Ben Stock – @kcotsneb and Daniel Gruss – @lavados. Playlist of #RuhrSec 2025 – 14 Talks 🌐 youtube.com/playlist?list=… Our YouTube Channel – Like and Subscribe 👍 🌐 youtube.com/@hackmanit-it-… #itsecurity #itsicherheit
