member image

I am a faculty at CISPA Helmholtz Center for Information Security, leading the Application Security (AppSec) research group. These are our broad areas of interest:

  • Web security and web application security
  • Security of emerging technology (e.g., metaverse/WebXR, etc.)
  • Program analysis (e.g., dynamic/static, client and server, etc.)
  • ML/AI for program analysis

Research

Current interests

Autonomous vulnerability detection and analysis:

Vulnerability analysis at scale

Security of the web platform and emerging technology

Cyberattacks

Awards 🏆

Service

  • PC co-chair: USENIX Security (2025)
  • Vice PC chair: USENIX Security (2023, 2024)
  • PC member at IEEE S&P (2024, 2023, 2022, 2021), ACM CCS (2023, 2021, 2020, 2018), USENIX Security (2022, 2021, 2020, 2019), IEEE Euro S&P (2023, 2022, 2020), ACSAC (2023, 2022, 2021, 2020, 2019, 2018, 2017), ACM AsiaCCS (2022, 2021, 2020, 2019), The Web Conference WWW (2023, 2022, 2021, 2020), DIMVA (2023, 2022, 2021, 2020), RAID (2022), SecWeb (2022, 2020), EuroSec (2022, 2021, 2020, 2019), ISC (2019), CARDS (2019), USENIX WOOT (2018), ACM CCS Poster (2016), IWCC (2016, 2015), DEPEND (2016, 2015), WTMC (2016), STAST (2014), NBiS (2014)
  • ACM CCS Doctoral Symposium (2024, 2025)
  • USENIX Security invited talks committee (2021, 2019)
  • General co-chair for IEEE Euro S&P (2020)
  • PC co-chair for SECTEST2015
  • Publicity chair for ACM CCS (2017)
  • Publication chair for DIMVA (2022, 2021)
  • Reviewer for ACM Computing Surveys, IEEE Transactions on Cloud Computing (TCC), and Transactions on Dependable and Secure Computing (TDSC)

Contact