SecAppDev 2026 Faculty

Tom Van Goethem

Tom Van Goethem

Software engineer / Researcher, Google / KU Leuven

Tom Van Goethem is a software engineer for Chrome at Google and a part-time researcher with the DistriNet group at KU Leuven. His work is mainly focused on practical side-channel attacks against web applications and browsers. By exposing flaws that result from the unintended interplay of different components or network layers, Tom aims to bring us closer to a more secure web that we all deserve. He has given presentations at various venues such as Black Hat USA, Asia and Europe, DEF CON, OWASP Global, and USENIX Security.

Don't miss out on SecAppDev!

Grab your seat now

The Art of Cross-site Leaks

Advanced lecture by Tom Van Goethem in room West Wing

Wednesday June 3rd, 14:00 - 15:30

XS-Leaks bypass the same-origin policy to infer sensitive user data via browser side-channels. Learn how these invisible attacks work, what browser vendors are doing, and the simple steps you can take to secure your applications.

Key takeaway: XS-Leaks bypass SOP through side channels and native browser features; learn how SameSite and Fetch Metadata help defend your apps.

Web security
Application Security
Privacy