SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


Young computer scientists participated in “Ethical Hacking-Bootcamp” at St. Pölten University of Applied Sciences

20 hand picked computer science students joined the “Ethical Hacking-Boot-camp” hosted by the St. Pölten University of Applied Sciences from September 4-6, 2019. The workshop was organized by the IT Security Hub Austria, SBA Research and the St. Pölten University of Applied Sciences, represented among others by Mr. FH-Prof. Univ.-Doz. Dipl.-Ing. Dr. Ernst Piller, Mr. Reinhard Kugler, MSc. and Mr. Helmut Kaufmann, MSc.

20 students were awarded the “Ethical Hacker Essentials” certificate

The students, who have completed their first year of the new program “Cyber-Security” at the computer science department, were very enthusiastic about the realization of this three-day event. They focused on topics related to network attacks, hacking methods, various weaknesses of the Internet and Internet of Things (IOT). In other words, attack possibilities or security gaps that could affect anyone in everyday life. The above-mentioned IT security challenges were not only dealt with theoretically, but were also tested in various practical exercises. In addition, all participating students were awarded the certificate “Ethical Hacker Essentials” after successfully passing the test.
This interesting boot camp does not only highlight the existing cooperation between the two institutions, but also functioned as an enriching course for the students of the computer science department, who are trained to become experts in IT security and cyber security. The demand for specialists in this field in our digitized society is growing all the time. Many thanks to the organizers for the great organization of this workshop!

1st International Summer School on Security & Privacy for Blockchains and Distributed Ledger Technologies Closes Strong

As an educational outreach event organized by TU Wien, Princeton University, and SBA Research, the 1st International Summer School on Security & Privacy for Blockchains and Distributed Ledger Technologies took place between September 2-5, 2019. Held in Vienna, Austria in its first year, it was organized as a mix of in-depth lectures from 15 high-profile speakers from academia and industry, as well as two hackathons. The summer school provided the 85 students, academic, and industry attendees an opportunity to learn about cutting-edge topics on blockchains and other distributed ledger technologies and foster their understanding of the security and privacy specific requirements and guarantees, and was made possible thanks to generous support by Liquidity Network, Nimiq, Research Institute, Bitpanda, NuCypher, Bolt Labs, the Vienna Center for Logic and Algorithms, and the city of Vienna.

The summer school’s closing panel with Patrick McCorry (King’s College and PISA Research), Jing Chen (Stony Brook University and Algorand), and Krzysztof Pietrzak (IST Austria), moderated by Matteo Maffei (TU Wien), discussed the future of blockchain technologies. It highlighted the technologies’ disruptive potential, from giving control over citizens’ money back to them, to reducing the processing costs of financial transactions, to enabling a worldwide trustworthy distributed computing platform, and it discussed their grand challenges, in particular emphasizing the need of interdisciplinary research that bridges cryptography and economy, and the need to address scalability and sustainability. 

More details are available on the website of the summer school:

Edgar Weippl at puls4, live interview on “hacking”!

SBA Research & Technische Universität Wien

Watch the video here!


This year´s ARES & CD-MAKE conference took place at the University of Kent in Canterbury, UK from August 26-29, 2019. On campus accommodation provided a great possibility for 230 participants from 33 countries to discuss the various aspects of security from early morning until late evening. For the third year in succession, the International IFIP Cross Domain Conference for Machine Learning & Knowledge Extraction (CD-MAKE) was co-located with ARES 2019.

21 full papers (acceptance rate: 20.75%) and 9 short papers were presented in the ARES main track. Participants were also offered a vast range of topics within 19 workshops (3 of them in the context of the EU Projects Symposium). Several social events provided good networking opportunities as well as insights into Canterbury´s surroundings and culture.

2019 Keynote Speakers
Accepted ARES Papers
Accepted CD-MAKE Papers

ARES & CD-MAKE 2020 will be hosted at the University College of Dublin.

Prof. Ilias S. Kotsireas visits MatRIS research group, Sep 2 – 6, 2019

Prof. Ilias S. Kotsireas ( from Wilfrid Laurier University in Waterloo, Canada, visited MatRIS research group for exploration of new scientific ideas in the field of applied combinatorial mathematics, strengthening the collaboration which recently resulted in the joint publication of a paper to the 8th International Conference on Algebraic Informatics ( Prof. Kotsireas is an expert in the areas of symbolic computation and combinatorial designs and he is interested in using algorithmic, meta-heuristic and high-performance computing techniques to study existence questions for combinatorial designs.

SBA Research as one of three expert opinions in “Kurier” and “futurezone”!

“There are technical ways to minimize the scale of such attacks, but there is no one hundred percent protection.”

Media: Kurier & Fututrezone

Security Advisory: Ping Identity Agentless Integration Kit <1.5 Reflected Cross-site Scripting (XSS)

Ping Identity Agentless Integration Kit before 1.5 is susceptible to Reflected Cross-site Scripting at the /as/authorization.oauth2 endpoint due to improper encoding of an arbitrarily submitted HTTP GET parameter name.

Full security advisory:

This Website uses Cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.