Vulnerability Detection and Analysis:
- Web application scanners (Black Widow [IEEE SP 2021], jAEk [RAID 2015])
- Cross-site request forgery (Same-site Cookies [Oakland 2022], client-side CSRF detection (JAW) [USENIX 2021], the state of CSRF defense implementations [RAID 2021], CSRF detection (Deemon) [ACM CCS 2017])
- Server-side requests (Link previews [NDSS 2020], SSR abuse [RAID 2016])
- Backdoors and hidden features [IEEE SP 2020]
- Web API security [NDSS 2019]
- Logic vulnerabilities [NDSS 2014]
Web Platform Security:
- Web enclaves and trusted user I/O path (Fidelius [IEEE SP 2019])
- Internet core services security (Who controls the Internet [WWW 2017], the Great Cannon [WOOT 2015])
Security of ML-based Systems:
- Attacking perceptual ad-blocking [CCS 2019]
- Detection of adversarial physical attacks [IEEE DLS 2020]