Research Group

Researchers

FTEs and assistants

Giancarlo Pellegrino

Group leader

Giancarlo is a tenure-track faculty at CISPA Helmholtz Center for Information Security. Before that, he was a visiting assistant professor at Stanford University and research group leader at CISPA as part of the CISPA-Stanford Center for Cybersecurity. Giancarlo got his PhD at Eurecom in Sophia-Antipolis (France), and, until August 2013, Giancarlo was a researcher associate in the Security and Trust group at the SAP research labs.

Soheil Khodayari

Postdoc

Soheil is a postdoc since September 2024. His research includes the development of reusable security analysis tools and techniques for the automated detection of vulnerabilities in web applications. He is the author of JAW (Javascript Analysis frameWork).

Giada Stivala

PhD student

Giada started her PhD in June 2019. Her research interests include phishing attacks, and on studying how these attacks are carried out through documents.

Aleksei (Alex) Stafeev

PhD student

Aleksei is a PhD student since August 2021. He is researching on new generation web application scanners.

Andrea Mengascini

PhD student

Andrea is a PhD student since November 2021. He is researching on the security and privacy of web metaverses.

Gianluca De Stefano

PhD student

Gianluca is a PhD student since September 2022. He is researching at the intersection of machine learning and program analysis.

Xuenan Zhang

Prep.-phase Grad School PhD student

Xuenan is a PhD student in the preparatory phase of CS gradschool at UdS. He is working on program analysis for large-scale web analysis.

Yigit Sever

Research Internship from METU, Turkey

Yigit is working on testing and building new algorithms to improve coverage in web measurements.

RAs

Research Assistants

2024: Prerak Mittal: Testing web scanners.

2024: Muhammad Sabeeh Rehman: Building LLM-based systems.

2024: Kiryl Khramiankou: Building LLM-based systems.

2023-24: Ryan Aurelio: Security and Privacy of WebVR (BSc thesis follow-up project).

2022-24: Tim Recktenwald: Building new web scanners; before: Looking for the most important developers in the world.

2022-24: Luy Seiwert: Developing a platform to share JAW results; before: Looking for the most important developers in the world.

2022-24: Raoul Scholtes: Polyglot program analysis (BSc thesis follow-up project).

Students

MSc/BSc thesis students

2024: Tim Recktenwald: MSc thesis project, Post-authentication scans at scale, Saarland University (DE)

2024: Prerak Mittal: MSc thesis project, Web API Vulnerabilities, Saarland University (DE)

2024: Raoul Scholtes: MSc thesis project, Efficient Program Analysis at Scale, Saarland University (DE)

2022/24: Sebastian Becking: MSc thesis project, Evaluating Malicious PDF Analysis Tools, Saarland University (DE)

2021/24: Sepehr Mirzaei: MSc student, Evaluation security assumptions when using the DOM tree

Alumni

Former members/students

2023/24: Jakob Graser: Research Assistant (HiWi).

2023: John Uwe Theo Schmitt: MSc thesis project, Human Scan Patterns in Task-driven Web Exploration, Saarland University (DE)

2022/23: Florian Romann: BSc thesis project, Stateful Web Application Scanning, Saarland University (DE)

2023: Anthony Gavazzi: Research Internship, PhD student from Northeastern University (USA)

2023: Lorenzo Cazzaro: Visiting PhD student from Ca’ Foscari University of Venice (IT)

2022/23: Ryan Aurelio: BSc thesis project, Security and Privacy of Metaverses, Saarland University (DE)

2022/23: Tim Recktenwald: BSc thesis project, Improving web application scanners with JavaScript dynamic analysis, Saarland University (DE)

2022/23: Kai Glauber: MSc thesis project, Hunting for Open Redirections in the Wild, Saarland University (DE)

2022: Benno Krauß: Research assistant (HiWi).

2022: Angelo Sotgiu: Visiting PhD student from the University of Cagliari (IT)

2021/22: Gianluca De Stefano: Research internship, Clustering of phishing PDF attacks, University of Trento (IT)

2021/22: Raoul Scholtes: BSc thesis project, Bilingual Code Property Graphs, Saarland University (DE)

2021: Jannis Rautenstrauch: MSc thesis project, XS-Leaks in Web Applications, Saarland University (DE)

2020/21: Dominik Kempter: BSc thesis project, Lightweight Dynamic Taint Flow Analysis for State-Changing Operations, Saarland University (DE)

2021: Andrea Mengascini: Research internship, Automated analysis of malcious URLs, University of Bologna (IT)

2020/21: Dominik Sautter: BSc thesis project, Client-side XSS Detection using Code Property Graphs, Saarland University (DE)

2020/21: Edoardo Vignani: MSc thesis project, Visiting student, Measuring the Challenges when Fuzzing Web Applications, University of Milan (IT)

2020/21: David Ahmed: Research assistant (HiWi).

2020/21: Nicolò Romandini: MSc thesis, Erasmus student, Agents to Explore the Attack Surface of Web Applications, University of Bologna (IT)

2020: Xhelal Likaj: MSc thesis, A Field Study of Anti-CSRF Countermeasures Used in Practice, Saarland University (DE)

2020: Tobias Faber: BSc thesis, Evaluating Strengths and Shortcomings of Web Scanners when Crawling Web Applications, Saarland University (DE)

2019/20: Alexander Troeger: Research assistant (HiWi).

2017: Sebastian Becking: MSc thesis, Old Wine Into New Wineskins: Spreading Malware In Social Networks, Saarland University (DE)

2016-18: Simon Koch: Research assistant (HiWi). MSc thesis, Detecting Race Conditions in Web Applications, Saarland University (DE)

2016-19: Pascal Duprè: Research assistant (HiWi). BSc thesis, Vetting an Advertisement Review System, Saarland University (DE).

2017: Andrey Chernov: MSc thesis, Developing a Property Graph-based Framework for Analysis of Large-scale Network Threats, Saarland University (DE)