Giancarlo Pellegrino
Latest
CHARON: Polyglot Code Analysis for Detecting Vulnerabilities in Scripting Languages Native Extensions
Do (Not) Follow the White Rabbit: Challenging the Myth of Harmless Open Redirection
Exploration of the Dynamics of Buy and Sale of Social Media Accounts
Exploring the Design Space for Security Warnings in Immersive Environments
Less is More: Boosting Coverage of Web Crawling through Adversarial Multi-Armed Bandit
Permission Rationales in the Web Ecosystem: An Exploration of Rationale Text and Design Patterns
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning
Rag and Roll: An End-to-End Evaluation of Indirect Prompt Manipulations in LLM-based Application Frameworks
SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements
SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications
The Big Brother's New Playground: Unmasking the Illusion of Privacy in Web Metaverses from a Malicious User's Perspective
The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web
Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns
From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!
It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web
The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies
Black Widow: Blackbox Data-driven Web Scanning
JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals
Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks
Black Widow
Automatic Uncovering of Hidden Behaviors from Input Validation in Mobile Apps
Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms
Raccoon: Automated Verification of Guarded Race Conditions in Web Applications
SentiNet: Detecting Localized Universal Attack Against Deep Learning Systems
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning
Fidelius: Protecting User Secrets from Compromised Browsers
Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services
Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications
Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure
SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems
The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
Who Controls the Internet?: Analyzing Global Threats Using Property Graph Traversals
Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification
POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications
Uses and Abuses of Server-Side Requests
Attribute-based Credentials for Trust: Technical Implementation and Feasibility
Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics
In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services
jAEk: Using Dynamic Analysis to Crawl and Test Modern Web Applications
On the Feasibility of Side-Channel Attacks in a Virtualized Environment
Toward Black-Box Detection of Logic Flaws in Web Applications
An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations
A Tool for Supporting Developers in Analyzing the Security of Web-Based Security Protocols
From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap
The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures
From Multiple Credentials to Browser-Based Single Sign-On: Are We More Secure?
Security Validation of Business Processes via Model-Checking
Ad-Versarial
Deemon
Guenther