Giancarlo Pellegrino

Latest

• It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
• The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web
• The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies
• Black Widow: Blackbox Data-driven Web Scanning
• JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals
• Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks
• Black Widow
• Automatic Uncovering of Hidden Behaviors from Input Validation in Mobile Apps
• Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms
• Raccoon: Automated Verification of Guarded Race Conditions in Web Applications
• SentiNet: Detecting Localized Universal Attack Against Deep Learning Systems
• AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning
• Fidelius: Protecting User Secrets from Compromised Browsers
• Geo-locating Drivers: A Study of Sensitive Data Leakagein Ride-Hailing Services
• AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning
• Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications
• Fidelius: Protecting User Secrets from Compromised Browsers
• Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure
• SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems
• The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators
• Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
• Who Controls the Internet?: Analyzing Global Threats Using Property Graph Traversals
• Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification
• POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications
• Uses and Abuses of Server-Side Requests
• Attribute-based Credentials for Trust: Technical Implementation and Feasibility
• Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics
• In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services
• jÄk: Using Dynamic Analysis to Crawl and Test Modern Web Applications
• On the Feasibility of Side-Channel Attacks in a Virtualized Environment
• Toward Black-Box Detection of Logic Flaws in Web Applications
• An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations
• A Tool for Supporting Developers in Analyzing the Security of Web-Based Security Protocols
• From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap
• The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures
• From Multiple Credentials to Browser-Based Single Sign-On: Are We More Secure?
• Security Validation of Business Processes via Model-Checking
• Ad-Versarial
• Deemon
• Guenther