Giancarlo Pellegrino

Latest

• YuraScanner: Leveraging LLMs for Task-driven Web App Scanning
• Rag and Roll: An End-to-End Evaluation of Indirect Prompt Manipulations in LLM-based Application Frameworks
• SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements
• SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications
• The Big Brother's New Playground: Unmasking the Illusion of Privacy in Web Metaverses from a Malicious User's Perspective
• The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web
• Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns
• From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!
• It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
• The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web
• The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies
• Black Widow: Blackbox Data-driven Web Scanning
• JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals
• Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks
• Black Widow
• Automatic Uncovering of Hidden Behaviors from Input Validation in Mobile Apps
• Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms
• Raccoon: Automated Verification of Guarded Race Conditions in Web Applications
• SentiNet: Detecting Localized Universal Attack Against Deep Learning Systems
• AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning
• Fidelius: Protecting User Secrets from Compromised Browsers
• Geo-locating Drivers: A Study of Sensitive Data Leakagein Ride-Hailing Services
• AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning
• Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications
• Fidelius: Protecting User Secrets from Compromised Browsers
• Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure
• SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems
• The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators
• Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
• Who Controls the Internet?: Analyzing Global Threats Using Property Graph Traversals
• Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification
• POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications
• Uses and Abuses of Server-Side Requests
• Attribute-based Credentials for Trust: Technical Implementation and Feasibility
• Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics
• In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services
• jAEk: Using Dynamic Analysis to Crawl and Test Modern Web Applications
• On the Feasibility of Side-Channel Attacks in a Virtualized Environment
• Toward Black-Box Detection of Logic Flaws in Web Applications
• An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations
• A Tool for Supporting Developers in Analyzing the Security of Web-Based Security Protocols
• From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap
• The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures
• From Multiple Credentials to Browser-Based Single Sign-On: Are We More Secure?
• Security Validation of Business Processes via Model-Checking
• Ad-Versarial
• Deemon
• Guenther