Data Protection Declaration
TU Braunschweig’s data protection declaration applies to this website except section V, VI, VII, and VIII.
In addition, this web offer is subject to a data processing activity which is described below:
IX. Description of the data processing activity
1. Description and scope of data processing
For the needs of the research project defined here, PACO logs requests to our server, storing the following information:
PACO logs IP addresses to allow distinguishing different systems that visit our website.
PACO collects a timestamp each time it is visited to measure the period between recurring visits.
PACO logs the HTTP headers your browser sends to our server, including the User Agent header usually containing information regarding your browser and operating system.
Information of potentially vulnerable systems
For the needs of our research goal, this website hosts a script that can indicate the presence of different XSS vulnerabilities in the backend. Our harmless test requests may entice vulnerable systems to load this script and execute it. In order to discover hidden vulnerabilities directly accessible via the Web, the research script collects a minimal amount of anonymous information and sends it back to our server. When such information is transferred to us, our system visits the potential backend that executed our script to check whether a vulnerability exists. We use this knowledge to inform website providers about potential security problems on their end.
Our script collects the following information:
2. Legal basis for data processing
3. Purpose of data processing
We collect and may publish or share aggregated, statistical data from the PACO project in order to facilitate security research, educate people about security problems, and to aid in the development of security-enhancing technologies.
4. Period of storage, possibilities to object to and remove data
A contact and information about object to our scans and data collection is given here.