Research Project "PACO"
Welcome to the website of the research project "PACO". The project this website describes is carried out by security researchers from two German universities, Ruhr-University Bochum  and Technische Universität Braunschweig , within the Cluster of Excellence CASA .
What is the goal of PACO?
The PACO project aims to detect security vulnerabilities in the backends of web applications. In particular, we investigate cross-site scripting (XSS) vulnerabilities in backend code that are directly accessible via the Web. To discover these subtle flaws, we send test requests to selected websites that can indicate the presence of different XSS vulnerabilities in the backend. These test requests are harmless and do not contain any malicious code. No personal or otherwise sensitive data is accessed on your side.
How can I check the authenticity of this Website?
You can find proof that this website (plglt.de) is officially part of a joined research project by Ruhr-University Bochum and Technische Universität Braunschweig on TU Braunschweig's official website .
Why did I receive a request from PACO?
You have received test requests from our project, because your website is listed in the Tranco  top sites ranking and processes user-provided content. Our project sends requests from Ruhr University Bochum's IP address 126.96.36.199. The requests are harmless and do not contain any malicious code, but they enable to locate security problems in your backend. If we notice an issue, we will contact you and help to develop a fix, as soon as possible. We are aware that our tests might bother you and trigger security mechanisms. However, we are convinced that our study is necessary and ultimately helpful for you.
Our project was approved the by Ethical Advisory Board at CASA through a Chair's Action. The project investigates a security problem of yet unknown prevalence. The notification of affected users directly contributes to mitigating this security problem, thus outweighing negative side effects.
How can I opt out from PACO?
If you wish to opt out of the PACO study, please contact our E-Mail address below.
Feedback and Contact
Should you require further information or have any other question, please do not hesitate to contact us under the same E-Mail address as above.
 Technische Universität Braunschweig https://www.tu-braunschweig.de/en/
 CASA Cluster of Excellence https://casa.rub.de/en/
 PACO Study with Institute for Application Security at Technische Universität Braunschweig https://www.tu-braunschweig.de/ias/crawling/
 Victor Le Pochat, et al. 2019. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. In Proc. of Network and Distributed System Security Symposium (NDSS). Available at https://tranco-list.eu/list/.
© Technische Universität Braunschweig - Privacy