Giancarlo Pellegrino
Latest
It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web
The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies
Black Widow: Blackbox Data-driven Web Scanning
JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals
Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks
Black Widow
Automatic Uncovering of Hidden Behaviors from Input Validation in Mobile Apps
Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms
Raccoon: Automated Verification of Guarded Race Conditions in Web Applications
SentiNet: Detecting Localized Universal Attack Against Deep Learning Systems
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning
Fidelius: Protecting User Secrets from Compromised Browsers
Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning
Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications
Fidelius: Protecting User Secrets from Compromised Browsers
Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure
SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems
The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
Who Controls the Internet?: Analyzing Global Threats Using Property Graph Traversals
Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification
POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications
Uses and Abuses of Server-Side Requests
Attribute-based Credentials for Trust: Technical Implementation and Feasibility
Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics
In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services
jÄk: Using Dynamic Analysis to Crawl and Test Modern Web Applications
On the Feasibility of Side-Channel Attacks in a Virtualized Environment
Toward Black-Box Detection of Logic Flaws in Web Applications
An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations
A Tool for Supporting Developers in Analyzing the Security of Web-Based Security Protocols
From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap
The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures
From Multiple Credentials to Browser-Based Single Sign-On: Are We More Secure?
Security Validation of Business Processes via Model-Checking
Ad-Versarial
Deemon
Guenther