| CARVIEW |
Stanford Security Lunch
Welcome to Security Lunch. We host speakers from both industry and academia to give talks related to applied cryptography, and system and network security.
If you're interested in attending, please sign up for the mailing list to receive updates about upcoming talks. There is an option to join virtually on Zoom.
If you're interested in giving a talk, we would love to have you! Please find more details in the About page.
You can find the upcoming and past talks for the current quarter below. We meet every Wednesday, 12 pm in CoDa E160.
Fall 2025
Upcoming
Abstract: Modern web applications rely on dense layers of third party scripts, cloud services, and build tooling. These layers shape how data is collected, moved, and protected, yet are governed far more weakly — both intentionally and unintentionally. This talk examines how security and privacy governance fail at web scale. From a security perspective, it exposes how weaknesses in data handling can leak highly sensitive data, creating risks that extend beyond the web into real-world systems. From a privacy perspective, it highlights how malpractices by third parties result in the interception of user inputs on webpages and the exfiltration of this data to external entities. These reveal that prevailing governance assumptions about who controls which data, and where, are misaligned with the deployed ecosystem.
Bio: Nurullah Demir is a Visiting Postdoctoral Scholar at Stanford University and holds a Ph.D. from the Karlsruhe Institute of Technology (Germany). His current research focuses on analyzing structural security and privacy risks on the web and developing intelligent methods to identify and mitigate them at scale. He is a core maintainer of the open-source project HTTP Archive and leads the Web Almanac, an annual data-driven report on the state of the web.