Fwd: [security-lunch] Dec 10 | Nurullah Demir on "Broken Security and Privacy Governance at Web Scale"


Alan Karp

Dec 8, 2025, 9:47:38 PM
to <friam@googlegroups.com>


--------------
Alan Karp


---------- Forwarded message ---------
From: Michael Leo Paper via security-lunch <securit...@lists.stanford.edu>
Date: Mon, Dec 8, 2025 at 2:42 PM
Subject: [security-lunch] Dec 10 | Nurullah Demir on "Broken Security and Privacy Governance at Web Scale"
To: securit...@lists.stanford.edu <securit...@lists.stanford.edu>


Security Lunch 🍂 Ed. — Wednesday, Dec 10th, 2025, 12:00 pm @ CoDa E160

Broken Security and Privacy Governance at Web Scale
Nurullah Demir
Can't make it in person? Join us on Zoom.
See our past & upcoming events on our website


Abstract: 
Modern web applications rely on dense layers of third party scripts, cloud services, and build tooling. These layers shape how data is collected, moved, and protected, yet are governed far more weakly — both intentionally and unintentionally. This talk examines how security and privacy governance fail at web scale. From a security perspective, it exposes how weaknesses in data handling can leak highly sensitive data, creating risks that extend beyond the web into real-world systems. From a privacy perspective, it highlights how malpractices by third parties result in the interception of user inputs on webpages and the exfiltration of this data to external entities. These reveal that prevailing governance assumptions about who controls which data, and where, are misaligned with the deployed ecosystem.

Bio:
Nurullah Demir is a Visiting Postdoctoral Scholar at Stanford University and holds a Ph.D. from the Karlsruhe Institute of Technology (Germany). His current research focuses on analyzing structural security and privacy risks on the web and developing intelligent methods to identify and mitigate them at scale. He is a core maintainer of the open-source project HTTP Archive and leads the Web Almanac, an annual data-driven report on the state of the web.
_______________________________________________
security-lunch mailing list
securit...@lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/security-lunch