Giancarlo Pellegrino

System Security Research Group
CISPA, Saarland University
Campus E1.7
66123 Saarbrücken

Short bio:

I am currently a postdoc in the System Security research group at CISPA, Saarland University, Germany. I hold a Ph.D. in computer network and security from Telecom ParisTech/EURECOM, France. During my doctoral studies, I was a member of the S3 group at EURECOM in Sophia-Antipolis (France) under the supervision of Assistant Professor Davide Balzarotti. Until August 2013, I worked as Researcher Associate in the "Security and Trust" group at the SAP research laboratories in Sophia-Antipolis and Karlsruhe.

Research interests:

My main research interests include, but are not limited to, all aspects of web application security, in particular security testing (black- and white-box) and vulnerability analysis.

Selected publications

A complete list is available here

  • jAEk: Using Dynamic Analysis to Crawl and Test Modern Web Applications
    G. Pellegrino, C. Tschuertz, E. Bodden, C. Rossow
    Accepted to the Research in Attacks, Intrusions and Defenses (RAID) Symposium (RAID 2015)
  • In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services
    G. Pellegrino, D. Balzarotti, S. Winter, N. Suri
    24th USENIX Security Symposium (USENIX Security 15)
  • Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics
    G. Pellegrino, C. Rossow, F. J. Ryba, T. C. Schmidt, M. Waehlisch
    9th USENIX Workshop on Offensive Technologies (WOOT 15)
  • Toward Black-Box Detection of Logic Flaws in Web Applications
    G. Pellegrino, D. Balzarotti
    Network and Distributed System Security symposium 2014 (NDSS2014), San Diego, USA, February 23-25, 2014
  • An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations
    A. Armando, R. Carbone, L. Compagna, J. Cuéllar, G. Pellegrino, A. Sorniotti
    Computers & Security, 2013
  • A Tool for Supporting Developers in Analyzing the Security of Web-based Security Protocols
    G. Pellegrino, L. Compagna, T. Moreggia
    25th IFIP International Conference on Testing Software and Systems (ICTSS'13), Istanbul, Turkey, November 13-15, 2013
  • From Model-checking to Automated Testing of Security Protocols: Bridging the Gap
    A. Armando, G. Pellegrino, R. Carbone, A. Merlo, D. Balzarotti
    6th International Conference on Tests & Proofs (TAP 2012), Prague (Czech Republic), May 31 - June 1, 2012


Presentations and Talks

Professional activities

Vulnerability discovery and disclosure

A complete list is available here