---

I am a visiting Assistant Professor at Stanford University and Independent Research Group Leader at CISPA (Center for IT Security, Privacy, and Accountability). Before that I was postdoc in the System Security group at CISPA and during my doctoral studies I was member of the S3 group at EURECOM in Sophia-Antipolis (France) under the supervision of Davide Balzarotti. Until August 2013, I worked as researcher associate in the "Security and Trust" group at the SAP research labs.

---

Research

My main research interests include, but are not limited to, web security, dynamic program analysis, and automated vulnerability analysis. I create techniques and build automated tools to detect and study vulnerabilities in the next generation application software.

I also study the life-cycle of vulnerabilities with empirical and large-scale analyses. In particular, I am interested at solving the shortcomings between the identification of vulnerabilities and their resolution.

---

Services

• PC member at ACM CCS (2018)
• PC member at ACSAC (2018, 2017)
• PC member at Usenix (WOOT 2018)
• PC member at ACM CCS Poster (2016)
• PC member at IWCC (2016, 2015)
• PC member at DEPEND (2016, 2015)
• PC member at WTMC (2016)
• PC member at STAST (2014)
• PC member at NBiS (2014)
• Publicity chair for ACM CCS (2017)
• PC (co-)chair at SECTEST2015
• Journal reviewer for ACM Computing Surveys, IEEE Transactions on Cloud Computing (TCC), and Transactions on Dependable and Secure Computing (TDSC)

---

Presentations and Talks

• Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs, ITASEC Italian Conference on Cybersecurity, Milan, Italy, February 2018
  slides
• Compression Bombs Strike Back, BeNeLux OWASP Day 2016, Leuven, Belgium, November 25, 2016
  slides
• Compression Bombs Strike Back, OWASP AppSec Europe '16, Rome, Italy, June 27 - July 01, 2016
  slides
• Business Logic Vulnerabilities in eCommerce Web Applications, OWASP Europe Tour 2013, Biot Sophia Antipolis, France, June 24, 2013
  slides