Research Project "PACO"

Welcome to the website of the research project "PACO". The project this website describes is carried out by security researchers from two German universities, Ruhr-University Bochum [1] and Technische Universität Braunschweig [2], within the Cluster of Excellence CASA [3].

What is the goal of PACO?

The PACO project aims to detect security vulnerabilities in the backends of web applications. In particular, we investigate cross-site scripting (XSS) vulnerabilities in backend code that are directly accessible via the Web. To discover these subtle flaws, we send test requests to selected servers that can indicate the presence of different XSS vulnerabilities in the backend. These test requests are harmless and do not contain any malicious code. No personal or otherwise sensitive data is accessed on your side.

How can I check the authenticity of this Website?

You can find proof that this website ( is officially part of a joined research project by Ruhr-University Bochum and Technische Universität Braunschweig on TU Braunschweig's official website [3].

Why did I receive a request from PACO?

You have received test requests from our project, because your website was found during a port scan and has an open port for a text-based protocol. Our project sends requests from Ruhr University Bochum's IP address The requests are harmless and do not contain any malicious code, but they enable to locate security problems in your backend. If we notice an issue, we will contact you and help to develop a fix, as soon as possible. We are aware that our tests might bother you and trigger security mechanisms. However, we are convinced that our study is necessary and ultimately helpful for you.

Ethical Considerations

Our project was approved the by Ethical Advisory Board at CASA through a Chair's Action. The project investigates a security problem of yet unknown prevalence. The notification of affected users directly contributes to mitigating this security problem, thus outweighing negative side effects.

How can I opt out from PACO?

If you wish to opt out of the PACO study, please contact our E-Mail address below.

Feedback and Contact



Postal address

Ruhr-Universität Bochum
Universitätsstraße 150
44801 Bochum

Should you require further information or have any other question, please do not hesitate to contact us under the same E-Mail address as above.

Cyber Security in the Age of Large-Scale Adversaries (CASA) pursues the goal of enabling sustainable security against large-scale adversaries, in particular nation-state attackers.

[1] Ruhr-University Bochum
[2] Technische Universität Braunschweig
[3] CASA Cluster of Excellence
[4] PACO Study with Institute for Application Security at Technische Universität Braunschweig

© Technische Universität Braunschweig - Privacy