Faculty

Giancarlo Pellegrino

Empirical & Behavioral Security Security Testing Vulnerability Analysis Vulnerability Detection

Email

Address

Kaiserstraße 21
66386 St. Ingbert (Germany)

Awards (selection)

2017: Busy Beaver Award for "Cybersecurity I"

Further Information

Short Bio

Dr. Giancarlo Pellegrino is a tenured Faculty at CISPA Helmholtz Center for Information Security. Before that he was a visiting assistant professor at Stanford University and research group leader at CISPA as part of the CISPA-Stanford Center for Cybersecurity. He got his PhD at Eurecom in Sophia-Antipolis (France) under the supervision of Davide Balzarotti. Until August 2013, Giancarlo was a researcher associate in the Security and Trust group at the SAP research labs.

CV: Last stations

Since 2017: Faculty at CISPA Helmholtz Center for Information Security
Since 2017: Visiting Assistant Professor at Stanford University
2017 - 2018: Visiting Scholar at Stanford University
2015 - 2017: Postdoctoral Researcher at Saarland University

Publications by Giancarlo Pellegrino

Year 2025

2025-04-28

Permission Rationales in the Web Ecosystem: An Exploration of Rationale Text and Design Patterns

Conference / Medium

International Conference on Human Factors in Computing Systems (CHI)

Tags

Empirical & Behavioral Security

Authors

Yusra Elbitar
Soheil Khodayari
Marian Harbach
Gianluca De Stefano
Balazs Csaba Engedy
Giancarlo Pellegrino
Sven Bugiel

Full Paper Visit Detail Page

2025-02-24

Do (Not) Follow the White Rabbit: Challenging the Myth of Harmless Open Redirection

Conference / Medium

Network and Distributed System Security Symposium (NDSS)

Tags

Empirical & Behavioral Security

Authors

Soheil Khodayari
Kai Glauber
Giancarlo Pellegrino

Full Paper Visit Detail Page

Year 2024

2024-12-09

YuraScanner: Leveraging LLMs for Task-driven Web App Scanning

Conference / Medium

Network and Distributed System Security Symposium (NDSS)

Tags

Empirical & Behavioral Security

Authors

Full Paper Visit Detail Page

2024-08

SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags

Empirical & Behavioral Security

Authors

Malte Wessels
Simon Koch
Giancarlo Pellegrino
Martin Johns

Full Paper Visit Detail Page

2024-07-01

Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns

Conference / Medium

IEEE European Symposium on Security and Privacy (EuroS&P)

Tags

Empirical & Behavioral Security

Authors

Full Paper Visit Detail Page

2024-05-20

The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web

Conference / Medium

IEEE Symposium on Security and Privacy (S&P)

Tags

Empirical & Behavioral Security

Authors

Soheil Khodayari
Barber Thomas
Giancarlo Pellegrino

Full Paper Visit Detail Page

2024-01-01

SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags

Empirical & Behavioral Security

Authors

Full Paper Visit Detail Page

2024-01-01

The Big Brother’s New Playground: Unmasking the Illusion of Privacy in Web Metaverses from a Malicious User’s Perspective

Conference / Medium

ACM Conference on Computer and Communications Security (CCS)

Tags

Empirical & Behavioral Security

Authors

Full Paper Visit Detail Page

Year 2023

2023-11-27

From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!

Conference / Medium

Annual Computer Security Applications Conference (ACSAC)

Tags

Trustworthy Information Processing

Authors

Full Paper Visit Detail Page

2023-05-25

The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web

Conference / Medium

IEEE Symposium on Security and Privacy (S&P)

Tags

Empirical & Behavioral Security

Authors

Full Paper Visit Detail Page