Sven Türpe


Sven is one of the founders of SIT’s security test lab. He received his diploma in computer science from the University of Leipzig in 2000 and joined Fraunhofer SIT the same year. Here, he gained experience both as a software developer and as a software tester. Sven likes to take things apart and juggle their parts. He looks good in suits.

Areas of expertise:

Software security testing, adversarial thinking, security evaluation and certification, banking security, cloud security, communication, inexhaustible source of unpleasant questions

Research interests:

Secure software engineering, threat models, security design models, security testing, usable security, security philosophy


Phone: +49(0)6151/869-238

PGP Key ID: 0x05C5FA9E
S/MIME: X.509 certificate, Fraunhofer CA root certificate, Instructions



Sven Türpe; Andreas Poller: Managing Security Work in Scrum: Tensions and Challenges. In: M.G. Jaatun, D.S. Cruzes (eds.): Proceedings of the International Workshop on Security in DevOps and Agile Secure Software Engineering (SecSE 2017), published at © authors. [BibTeX]
also available: workshop presentation (.mp4 - slides and audio), slides (.pdf)

Sven Türpe: The Trouble With Security Requirements. 25th IEEE International Requirements Engineering Conference (RE'17), September 4-8, 2017, Lisbon, Portugal. DOI: 10.1109/RE.2017.13, © IEEE. [BibTeX]

Andreas Poller; Laura Kocksch; Sven Türpe; Felix Anand Epp; Katharina Kinder-Kurlanda: Can Security Become a Routine? A Study of Organizational Change in an Agile Software Development Group. Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing (CSCW'17), February 25–March 1, 2017, Portland, OR, USA. DOI: 10.1145/2998181.2998191, © authors/ACM. [BibTeX]
also available: CSCW'17 slide deck

Sven Türpe; Jürgen Geuter; Andreas Poller: Emission statt Transaktion: Weshalb das klassische Datenschutzparadigma nicht mehr funktioniert. In: Friedewald, M.; Roßnagel, A.; Lamla, J. (Hrsg.) (2017): Informationelle Selbstbestimmung im digitalen Wandel. Wiesbaden: Springer Vieweg DOI: 10.1007/978-3-658-17662-4_14, © Springer. [BibTeX]
auch online: Slides des Konferenzvortrags am 26.11.2015


Sven Türpe; Laura Kocksch; Andreas Poller: Penetration Tests a Turning Point in Security Practices? Organizational Challenges and Implications in a Software Development Team. 2nd Workshop on Security Information Workers, Denver, CO, 22 June 2016. © authors. [BibTeX]
(see also our CSCW'17 paper for more detail)

Sven Türpe: Idea: Usable Platforms for Secure Programming - Mining Unix for Insight and Guidelines. Engineering Secure Software and Systems (Proc. ESSoS'16), LNCS 9639. DOI: 10.1007/978-3-319-30806-7_13, © Springer. [BibTeX]


Andreas Poller; Sven Türpe; Katharina Kinder-Kurlanda: An Asset to Security Modeling? Analyzing Stakeholder Collaborations Instead of Threats to Assets. New Security Paradigms Workshop (NSPW'14), Victoria, BC, September 15-18, 2014. DOI: 10.1145/2683467.2683474 [BibTeX]

Sven Türpe; Annika Selzer; Andreas Poller; Mark Bedner: Denkverbote für Star-Trek-Computer? Datenschutz und Datensicherheit - DuD 38(1), Januar 2014, S. 31-35. DOI: 10.1007/s11623-014-0008-x, © Autoren / Springer Gabler. [BibTeX]

Jim Whitmore; Sven Türpe; Stefan Triller; Andreas Poller; Christina Carlson: Threat analysis in the software development lifecycle. IBM Journal of Research and Development 58(1), 2014. DOI: 10.1147/JRD.2013.2288060, © IBM. [BibTeX]


Sven Türpe: Point-and-Shoot Security Design: Can We Build Better Tools for Developers? New Security Paradigms Workshop 2012 (NSPW’12), Bertinoro, Italy, September 19-21, 2012. DOI: 10.1145/2413296.2413300, © ACM. [BibTeX]

Sven Türpe: Warum Googles Datensammeln gar nicht so böse ist., 2012. Überarbeitete Fassung der Blogserie Datenkrake Google, Erich sieht - Sicherheit anders,, 2012. [BibTeX]

Andreas Poller; Ulrich Waldmann; Sven Vowé; Sven Türpe: Electronic Identity Cards for User Authentication – Promise and Practice. IEEE Security and Privacy Magazine, vol. 10, no. 1 (jan/feb) 2012. DOI: 10.1109/MSP.2011.148, © IEEE. [BibTeX]


Sven Türpe: Search-based Application Security Testing: Towards a Structured Search Space. 4th International Workshop on Search-Based Software Testing (SBST’11), March 21, 2011, Berlin, Germany. DOI: 10.1109/ICSTW.2011.96, © IEEE. [BibTeX]


Thomas Heumann; Sven Türpe; Jörg Keller: Quantifying the Attack Surface of a Web Application. In: Felix C. Freiling (Hrsg.): Sicherheit 2010: Sicherheit, Schutz und Zuverlässigkeit. Beiträge der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI) 5.-7. Oktober 2010 in Berlin, GI-Edition - Lecture Notes in Informatics (LNI), P-170, Bonner Köllen Verlag, 2010. [BibTeX]

Jörn Eichler; Sven Türpe: Produktivsysteme sicher testen. Praktische Vorsichtsmaßnahmen für Penetrationstests. <kes> 2010#2, Mai 2010. [BibTeX]


Sven Türpe: What Is the Shape of Your Security Policy? Security as a Classification Problem. New Security Paradigms Workshop (NSPW), September 8-11, 2009, Oxford, United Kingdom. DOI: 10.1145/1719030.1719035, © ACM. [BibTeX]

Sven Türpe; Jörn Eichler: Testing Production Systems Safely: Common Precautions in Penetration Testing. Testing: Academic and Industrial Conference-Practice and Research Techniques (TAIC PART 2009), 4-6 September 2009, Windsor, United Kingdom. DOI: 10.1109/TAICPART.2009.17, © IEEE. [BibTeX]

Sven Türpe; Andreas Poller; Jan Steffan; Jan-Peter Stotz; Jan Trukenmüller: Attacking the BitLocker Boot Process. 2nd International Conference on Trusted Computing (Trust 2009), Oxford, UK; April 6-8th. DOI: 10.1007/978-3-642-00587-9_12, © Springer. [BibTeX]
(see also our demonstration video)


Sven Türpe; Andreas Poller; Jan Steffan; Jan-Peter Stotz; Jan Trukenmüller: Attacking the BitLocker Boot Process. Research Workshop on Challenges for Trusted Computing at the 3rd European Trusted Infrastructure Summer School (ETISS 2008). [BibTeX]
(superseded by Trust 2009 version)

Sven Türpe; Andreas Poller; Jürgen Repp; Jan Trukenmüller; Christian Bornmann: Supporting Security Testers in Discovering Injection Flaws. 3rd IEEE Testing: Academic and Industrial Conference (TAIC-PART 2008); Windsor, England, United Kingdom, August 2008. DOI: 10.1109/TAIC-PART.2008.7, © IEEE. [BibTeX]

Sven Türpe: Security Testing: Turning Practice into Theory. 1st International ICST workshop on Security Testing, 9 April 2008, Lillehammer. DOI: 10.1109/ICSTW.2008.38, © IEEE. [BibTeX]

Jan Steffan; Andreas Poller; Jan Trukenmüller; Jan-Peter Stotz; Sven Türpe: BitLocker Drive Encryption im mobilen und stationären Unternehmenseinsatz. Ein Leitfaden für Anwender. Fraunhofer-Institut SIT und BSI; 84 Seiten; 03/2008. [BibTeX]
[more information]

Middle Ages and Before

Sven Türpe; Anke Baumann: Phishing-Shutz im Online-Banking - Hilfe zum Selbstschutz für Nutzer. Studie, Fraunhofer-Institut SIT, 10/2004. [BibTeX]