Team members

Giancarlo Pellegrino

Group leader

Giancarlo is a tenure-track faculty member at CISPA Helmholtz Center for Information Security. Before that, he was a visiting assistant professor at Stanford University and a research group leader at CISPA as part of the CISPA-Stanford Center for Cybersecurity. Giancarlo got his PhD at Eurecom in Sophia-Antipolis (France), and, until August 2013, he was a research associate in the Security and Trust group at the SAP research labs.

Yuqing Yang

Postdoc

Yuqing’s research interests lie in web security for emerging platforms, such as super apps, and in vulnerability and malware detection.

Giada Stivala

PhD student

Giada started her PhD in June 2019. Her research interests include phishing attacks and how these attacks are carried out through documents.

Aleksei (Alex) Stafeev

PhD student

Aleksei has been a PhD student since August 2021. He is researching new-generation web application scanners.

Andrea Mengascini

PhD student

Andrea has been a PhD student since November 2021. He is researching the security and privacy of web metaverses.

Gianluca De Stefano

PhD student

Gianluca has been a PhD student since September 2022. He is researching at the intersection of machine learning and program analysis.

Xuenan Zhang

Prep.-phase Grad School PhD student

Xuenan is a PhD student in the preparatory phase of the CS grad school at UdS. He is working on program analysis for large-scale web analysis.

Jakub Pružinec

Prep.-phase Grad School PhD student

Jakub is a PhD student in the preparatory phase of the CS grad school at UdS. He is interested in static analysis.

Research Assistants

RAs/HiWis

2024: Prerak Mittal: Testing web scanners.

2023-24: Ryan Aurelio: Security and Privacy of WebVR (BSc thesis follow-up project).

2022-24: Tim Recktenwald: Building new web scanners; before: Looking for the most important developers in the world.

Students

MSc/BSc thesis students

2024: Tim Recktenwald: MSc thesis project, Post-authentication scans at scale, Saarland University (DE)

2024: Prerak Mittal: MSc thesis project, Web API Vulnerabilities, Saarland University (DE)

2022/24: Sebastian Becking: MSc thesis project, Evaluating Malicious PDF Analysis Tools, Saarland University (DE)

Alumni

Former members and visitors

2019/24: Soheil Khodayari: Soheil was a PhD student and postdoc. He defended his PhD thesis in September 2024. His research includes the development of reusable security analysis tools and techniques for the automated detection of vulnerabilities in web applications. He is the author of JAW (Javascript Analysis frameWork).

2024/25: Yigit Sever: Research Internship, from METU, Turkey

2023: Anthony Gavazzi: Research Internship, PhD student from Northeastern University (USA)

2023: Lorenzo Cazzaro: Visiting PhD student from Ca’ Foscari University of Venice (IT)

2022: Angelo Sotgiu: Visiting PhD student from the University of Cagliari (IT)

Former Students

BSc/MSc students

  • Sepehr Mirzaei, 2021/24, MSc student, Evaluation security assumptions when using the DOM tree, Saarland University (DE)
  • Muhammad Sabeeh Rehman, 2024, Building LLM-based systems, Saarland University (DE)
  • Luy Seiwert, 2022-24, Developing a platform to share JAW results; before: Looking for the most important developers in the world, Saarland University (DE)
  • Raoul Scholtes, 2022-24, Polyglot program analysis (BSc thesis) and Efficient Program Analysis at Scale (MSc thesis), Saarland University (DE)
  • Kiryl Khramiankou, 2024, Research Assistant (HiWi), Saarland University (DE)
  • Jakob Graser, 2023/24, Research Assistant (HiWi), Saarland University (DE)
  • John Uwe Theo Schmitt, 2023, MSc thesis project, Human Scan Patterns in Task-driven Web Exploration, Saarland University (DE)
  • Florian Romann, 2022/23, BSc thesis project, Stateful Web Application Scanning, Saarland University (DE)
  • Ryan Aurelio, 2022/23, BSc thesis project, Security and Privacy of Metaverses, Saarland University (DE)
  • Tim Recktenwald, 2022/23, BSc thesis project, Improving web application scanners with JavaScript dynamic analysis, Saarland University (DE)
  • Kai Glauber, 2022/23, MSc thesis project, Hunting for Open Redirections in the Wild, Saarland University (DE)
  • Benno Krauß, 2022, Research assistant (HiWi), Saarland University (DE)
  • Raoul Scholtes, 2021/22, BSc thesis project, Bilingual Code Property Graphs, Saarland University (DE)
  • Jannis Rautenstrauch, 2021, MSc thesis project, XS-Leaks in Web Applications, Saarland University (DE)
  • Dominik Kempter, 2020/21, BSc thesis project, Lightweight Dynamic Taint Flow Analysis for State-Changing Operations, Saarland University (DE)
  • Dominik Sautter, 2020/21, BSc thesis project, Client-side XSS Detection using Code Property Graphs, Saarland University (DE)
  • Edoardo Vignani, 2020/21, MSc thesis project, Visiting student, Measuring the Challenges when Fuzzing Web Applications, University of Milan (IT)
  • David Ahmed, 2020/21, Research assistant (HiWi), Saarland University (DE)
  • Nicolò Romandini, 2020/21, MSc thesis, Erasmus student, Agents to Explore the Attack Surface of Web Applications, University of Bologna (IT)
  • Xhelal Likaj, 2020, MSc thesis, A Field Study of Anti-CSRF Countermeasures Used in Practice, Saarland University (DE)
  • Tobias Faber, 2020, BSc thesis, Evaluating Strengths and Shortcomings of Web Scanners when Crawling Web Applications, Saarland University (DE)
  • Alexander Troeger, 2019/20, Research assistant (HiWi), Saarland University (DE)
  • Sebastian Becking, 2017, MSc thesis, Old Wine Into New Wineskins: Spreading Malware In Social Networks, Saarland University (DE)
  • Simon Koch, 2016-18, Research assistant (HiWi). MSc thesis, Detecting Race Conditions in Web Applications, Saarland University (DE)
  • Pascal Duprè, 2016-19, Research assistant (HiWi). BSc thesis, Vetting an Advertisement Review System, Saarland University (DE)
  • Andrey Chernov, 2017, MSc thesis, Developing a Property Graph-based Framework for Analysis of Large-scale Network Threats, Saarland University (DE)