Soheil Khodayari

YURASCANNER: Leveraging LLMs for Task-driven Web App Scanning
The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web
It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies
JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals
Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks