Giancarlo Pellegrino
Publications
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning
Aleksei Stafeev, Tim Recktenwald, Gianluca De Stefano, Soheil Khodayari, Giancarlo Pellegrino
Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns
Giada Stivala, Gianluca De Stefano, Andrea Mengascini, Mariano Graziano, Giancarlo Pellegrino
The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web
Soheil Khodayari, Thomas Barber, Giancarlo Pellegrino
The Big Brother's New Playground: Unmasking the Illusion of Privacy in Web Metaverses from a Malicious User's Perspective
Andrea Mengascini, Ryan Aurelio, Giancarlo Pellegrino
SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications
Malte Wessels, Simon Koch, Giancarlo Pellegrino, Martin Johns
SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements
Aleksei Stafeev, Giancarlo Pellegrino
Rag and Roll: An End-to-End Evaluation of Indirect Prompt Manipulations in LLM-based Application Frameworks
Gianluca De Stefano, Lea Schönherr, Giancarlo Pellegrino
The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web
Jannis Rautenstrauch, Giancarlo Pellegrino, Ben Stock
It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
Soheil Khodayari, Giancarlo Pellegrino
From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!
Giada Stivala, Sahar Abdelnabi, Andrea Mengascini, Mariano Graziano, Mario Fritz, Giancarlo Pellegrino
The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies
Soheil Khodayari, Giancarlo Pellegrino
Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks
Xhelal Likaj, Soheil Khodayari, Giancarlo Pellegrino
JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals
Soheil Khodayari, Giancarlo Pellegrino
Black Widow: Blackbox Data-driven Web Scanning
Benjamin Eriksson, Giancarlo Pellegrino, Andrei Sabelfeld
SentiNet: Detecting Localized Universal Attack Against Deep Learning Systems
Edward Chou, Florian Tramer, Giancarlo Pellegrino
Raccoon: Automated Verification of Guarded Race Conditions in Web Applications
Simon Koch, Tim Sauer, Martin Johns, Giancarlo Pellegrino
Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms
Giada Stivala, Giancarlo Pellegrino
Automatic Uncovering of Hidden Behaviors from Input Validation in Mobile Apps
Qingchuan Zhao, Chaoshun Zuo, Brendan Dolan-Gavitt, Giancarlo Pellegrino, Zhiqiang Lin
Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services
Qingchuan Zhao, Chaoshun Zuo, Giancarlo Pellegrino, Zhiqiang Lin
Fidelius: Protecting User Secrets from Compromised Browsers
Saba Eskandarian, Jonathan Cogan, Sawyer Birnbaum, Peh Brandon, Dillon Franke, Forest Fraser, Gaspar Garcia, Eric Gong, Hung Nguyen, Taresh Sethi, Vishal Subbiah, Michael Backes, Giancarlo Pellegrino, Dan Boneh
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning
Florian Tramer, Pascal Dupre, Gili Rusak, Giancarlo Pellegrino, Dan Boneh
The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators
Martin Oltrogge, Erik Derr, Christian Stransky, Sascha Fahl, Yasemin Acar, Christian Rossow, Giancarlo Pellegrino, Sven Bugiel, Michael Backes
SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems
Edward Chou, Florian Tramer, Giancarlo Pellegrino
Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure
Patrick Speicher, Marcel Steinmetz, Robert Kuennemann, Milivoj Simeonovski, Giancarlo Pellegrino, Jorg Hoffmann, Michael Backes
Fidelius: Protecting User Secrets from Compromised Browsers
Saba Eskandarian, Jonathan Cogan, Sawyer Birnbaum, Peh Brandon, Dillon Franke, Forest Fraser, Gaspar Garcia, Eric Gong, Hung Nguyen, Taresh Sethi, Vishal Subbiah, Michael Backes, Giancarlo Pellegrino, Dan Boneh
Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications
Ben Stock, Giancarlo Pellegrino, Frank Li, Christian Rossow, Michael Backes
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning
Florian Tramer, Pascal Dupre, Gili Rusak, Giancarlo Pellegrino, Dan Boneh
Who Controls the Internet?: Analyzing Global Threats Using Property Graph Traversals
Milivoj Simeonovski, Giancarlo Pellegrino, Christian Rossow, Michael Backes
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow
Uses and Abuses of Server-Side Requests
Giancarlo Pellegrino, Onur Catakoglu, Davide Balzarotti, Christian Rossow
POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications
Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes
Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification
Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes
On the Feasibility of Side-Channel Attacks in a Virtualized Environment
Tsvetoslava Vateva-Gurova, Jesus Luna, Giancarlo Pellegrino, Neeraj Suri
jAEk: Using Dynamic Analysis to Crawl and Test Modern Web Applications
Giancarlo Pellegrino, Constantin Tschuertz, Eric Bodden, Christian Rossow
In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services
Giancarlo Pellegrino, Davide Balzarotti, Stefan Winter, Neeraj Suri
Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics
Giancarlo Pellegrino, Christian Rossow, Fabrice J. Ryba, Thomas C. Schmidt, Matthias Waehlisch
Attribute-based Credentials for Trust: Technical Implementation and Feasibility
Gert Lassøe Mikkelsen, Kasper Damgard, Hans Guldager, Jonas Lindstrøm Jensen, Jesus Luna Garcia, Janus Dam Nielsen, Pascal Paillier, Giancarlo Pellegrino, Michael Bladt Stausholm, Neeraj Suri, Heng Zhang
Towards a framework for assessing the feasibility of side-channel attacks in virtualized environments
T. Vateva-Gurova, J. Luna, G. Pellegrino, N. Suri
Toward Black-Box Detection of Logic Flaws in Web Applications
Giancarlo Pellegrino, Davide Balzarotti
An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations
Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, Giancarlo Pellegrino, Alessandro Sorniotti
A Tool for Supporting Developers in Analyzing the Security of Web-Based Security Protocols
Giancarlo Pellegrino, Luca Compagna, Thomas Morreggia
The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures
Alessandro Armando, Wihem Arsac, Tigran Avanesov, Michele Barletta, Alberto Calvi, Alessandro Cappai, Roberto Carbone, Yannick Chevalier, Luca Compagna, Jorge Cuellar, Gabriel Erzse, Simone Frau, Marius Minea, Sebastian Moedersheim, David Von Oheimb, Giancarlo Pellegrino, Serena Elisa Ponta, Marco Rocchetto, Michael Rusinowitch, Mohammad Torabi Dashti, Mathieu Turuani, Luca Vigano
From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap
Alessandro Armando, Giancarlo Pellegrino, Roberto Carbone, Alessio Merlo, Davide Balzarotti
Security Validation of Business Processes via Model-Checking
Wihem Arsac, Luca Compagna, Giancarlo Pellegrino, Serena Elisa Ponta
From Multiple Credentials to Browser-Based Single Sign-On: Are We More Secure?
Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, Giancarlo Pellegrino, Alessandro Sorniotti
Automatic Security Analysis of SAML-based Single Sign-On Protocols
Alessandro Armando, Roberto Carbone, Luca Compagna
Model-Checking Driven Security Testing of Web-Based Applications
A. Armando, R. Carbone, L. Compagna, K. Li, G. Pellegrino