It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses

The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web

The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies

Black Widow: Blackbox Data-driven Web Scanning

JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals

Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks

Automatic Uncovering of Hidden Behaviors from Input Validation in Mobile Apps

Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms

Raccoon: Automated Verification of Guarded Race Conditions in Web Applications

SentiNet: Detecting Localized Universal Attack Against Deep Learning Systems