Publications

(2021). Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks. Symposium on Research in Attacks, Intrusions and Defenses (RAID'21), San Sebastian, Spain, October 6-8, 2021.

(2021). Black Widow: Blackbox Data-driven Web Scanning. Proceedings of the 42nd IEEE Symposium on Security & Privacy.

(2020). Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms. 27th Annual Network and Distributed System Security Symposium, February 2020.

(2017). Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security.

(2016). Uses and Abuses of Server-Side Requests. Research in Attacks, Intrusions, and Defenses: 19th International Symposium, RAID 2016, Paris, France, September 19-21, 2016, Proceedings.

(2015). On the Feasibility of Side-Channel Attacks in a Virtualized Environment. E-Business and Telecommunications: 11th International Joint Conference, ICETE 2014, Vienna, Austria, August 28-30, 2014, Revised Selected Papers.

(2015). jÄk: Using Dynamic Analysis to Crawl and Test Modern Web Applications. Research in Attacks, Intrusions, and Defenses: 18th International Symposium, RAID 2015, Kyoto, Japan, November 2-4, 2015. Proceedings.

(2014). Toward Black-Box Detection of Logic Flaws in Web Applications. 21st Annual Network and Distributed System Security Symposium (NDSS 2014).

(2013). A Tool for Supporting Developers in Analyzing the Security of Web-Based Security Protocols. Testing Software and Systems: 25th IFIP WG 6.1 International Conference, ICTSS 2013, Istanbul, Turkey, November 13-15, 2013, Proceedings.

(2012). From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap. Tests and Proofs: 6th International Conference, TAP 2012, Prague, Czech Republic, May 31 – June 1, 2012. Proceedings.

(2011). Security Validation of Business Processes via Model-Checking. Engineering Secure Software and Systems: Third International Symposium, ESSoS 2011, Madrid, Spain, February 9-10, 2011. Proceedings.

(2011). From Multiple Credentials to Browser-Based Single Sign-On: Are We More Secure? Future Challenges in Security and Privacy for Academia and Industry: 26th IFIP TC 11 International Information Security Conference, SEC 2011, Lucerne, Switzerland, June 7-9, 2011. Proceedings.

(2011). Automatic Security Analysis of SAML-based Single Sign-On Protocols. Digital Identity and Access Management: Technologies and Framework, Business Science.

(2010). Model-Checking Driven Security Testing of Web-Based Applications. 2010 Third International Conference on Software Testing, Verification, and Validation Workshops.
