Who we are

We are a team of researchers from the CISPA Helmholtz Center for Information Security in Germany, specifically from the Secure Web Applications Group and the Usable Security Research Group.

Lea Gröber

Sebastian Roth

Dr. Katharina Krombholz

Dr. Ben Stock

What we work on

With this line of research, we want to improve the usability of Web Security mechanisms. Thus, we study real-world issues developers face when working with different security mechanisms, as well as strategies for successful deployment. Check out our work on the Content Security Policy to get an impression of our research.

The mechanism that we are currently focused on is Trusted Types (TT), which enables a Web site's operator to enforce sanitization of input to JavaScript APIs prone to client-side XSS.

Trusted Types is still a work in progress, and we want to take the opportunity to include the perspective of real-world web developers. Therefore, we are conducting 2 studies to (1) get Web developers' feedback, and to (2) improve Trusted Types accordingly:

[1] Usability Study: You learn about TT and test the mechanism with us in a coding task.

[2] Design Study: You participate in online GitHub + Group discussions to improve TT.

Want to learn about Trusted Types?

We are looking for Web Developers to help us improve Trusted Types. You may participate in either one or both of the studies. Fill in our screening survey to sign up.