Send email Copy Email Address



Kaiserstraße 21
66386 St. Ingbert (Germany)

Further Information

Short Bio

I am a tenure-track faculty at CISPA Helmholtz Center for Information Security. Before that I was a visiting assistant professor at Stanford University and research group leader at CISPA as part of the CISPA-Stanford Center for Cybersecurity. I got my PhD at Eurecom in Sophia-Antipolis (France) under the supervision of Davide Balzarotti. Until August 2013, I was a researcher associate in the Security and Trust group at the SAP research labs.

Publications by Giancarlo Pellegrino

Year 2023

Conference / Medium

44th IEEE Symposium on Security and Privacy44th IEEE Symposium on Security and Privacy

Year 2022

Conference / Medium

43rd IEEE Symposium on Security and Privacy (S&P '22)

Year 2021

Conference / Medium

24th International Symposium on Research in Attacks, Intrusions and Defenses (RAID ’21)

Conference / Medium

USENIX Security Symposium30th USENIX Security Symposium (USENIX Security'21)

Conference / Medium

proceedings of IEEE SSP 2021IEEE Symposium on Security and Privacy, Proceedings of SSP 2021

Year 2020

Conference / Medium

IEEE SPW 20203rd Deep Learning and Security Workshop (DLS 2020)

Conference / Medium

27th Annual Network and Distributed System Security symposium

Year 2019

Conference / Medium

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications SecurityCCS 19

Teaching by Giancarlo Pellegrino

Winter 2021/22

Joint Advances in Web Security

For registration, please apply for this seminar through the central seminar assignment system.


In this seminar, students will learn to present, discuss, and summarize papers in different areas of Web security. The seminar is taught as a combination of a reading group with weekly meetings and a regular seminar, where you have to write a seminar paper. Specifically, each student will get a single topic assigned to them, consisting of two papers (a lead and follow-up paper).

For the weekly meetings, all students have to have read the lead paper and must state at least three questions before the meeting. In the meeting, the assigned student will present the follow-up paper (20 minute presentation + 10 minute Q/A). Afterward, the entire group will discuss both papers.

Moreover, each student will write a seminar paper on the topic assigned to them, for which the two papers on the topic serve as the starting point.

Important Dates

  • Kickoff: Monday, October 25, 10am, in person in CISPA 0.02
  • Regular seminar starts Monday, November 8, ends Monday, February 7
  • By Sunday night, 23:59, submit three questions (if you are not presenting the follow-up paper)
  • Mandatory feedback round/practice talk on Thursday before the presentation (arrange exact time with supervisor)
  • Attendance in all meetings and submission of three questions for each topic is mandatory. For exceptional cases, contact the teaching staff.

Seminar Paper Details

Each seminar paper is meant to provide a summary/categorization of research papers in the associated area. Depending on the topic, the paper should be structured in a logical fashion. For example, assume the topic of Service Workers. One might classify the seminar paper based on security considerations for Service Workers, attacks against Service Workers, and attacks enabled through Service Workers. Each section should demonstrate the state of the art in the area. Finally, the paper should, where possible, discuss limitations and open issues given the previously conducted work.

All seminar papers are due on February 11, 2022. Based on your submission, you will receive feedback within one week and have until March 4, 2022 to improve your paper. The paper grading will be on the final version. Note that the first submission must already be sufficient to pass. If you submit a half-baked version of the paper, you will flunk the course.

Each paper must use the provided template. It must not be longer than 8 pages, not counting references and appendices. Note that appendices are not meant to provide information that is absolutely necessary to understand the paper, but rather to provide auxiliary material. Papers can be shorter, but in general the provided page limit is a good indicator of how long a paper should be.

List of Topics and Papers

The list of topics, papers, and dates for the respective meetings can be found here.

Winter 2021/22

Perspectives of Cyber Security

In this lecture series, we give insights into the founders' activities in the vicinity of cybersecurity. We put a focus on marketable and innovative ideas and trends.

Please note that the goal of this course is to provide first-hand insights into how to create successful startups in cybersecurity. While it is aimed at the students of the Entrepreneurial Cybersecurity Masters Program for grading and achieving the CP, we invite everyone interested to attend the talks also when not participating to get CP!


This lecture takes place every Thursday, 14:15 to 16:00 on Zoom. Instructions to access the lecture will be provided soon.

Note: To allow invited guests from the US to join POSER, we will use two exceptional slots at 18:15 - 20:00 (marked in yellow) 

Every event is composed of a new topic presented by an invited founder or VC who presents their story.

Date Time Presenter URL / Topic
Oct 21 14:15 – 14:45 Sven Bugiel and Giancarlo Pellegrino
  • Introduction and kick-off
Oct 28 14:15 – 15:00

Marc Schickhaus (CISPA)

  • The CISPA Incubator
  • How to give a pitch
Nov 04 14:15 – 16:00 TBA  
Nov 11 14:15 – 16:00



Nov 18 14:15 – 16:00



Nov 25 14:15 – 16:00 Lukas Bieringer (QuantPi)
Dec 02 14:15 – 16:00



Dec 09 14:15 – 16:00

Fabian Yamaguchi (ShiftLeft)

Dec 16 18:15 – 20:00

Pedram Amini (InQuest)

No presentations between Dec 23 and Jan 06
Jan 13 14:15 – 16:00 Christian Arndt (HTGF)
Jan 20 18:15 – 20:00

Zakir Durumeric (Stanford University and Censys)

Jan 27 14:15 – 16:00

Stefan Nürnberger (Elexir)

Feb 03 14:15 – 16:00

TBA (Bitahoy)

Modus Operandi

Weekly presentations and Q&A

Roughly every week will be a presentation by a founder of a security/privacy-related startup (or a company that sees an urgent need for a security/privacy product in its domain). This talk is followed by a Q&A (or interview) with the presenter. This should give you insights into the experiences of creating a startup.

The following only applies for participants that want to get CP.

Students task (mandatory): In preparation for the Q&A session, every student has to prepare by checking the startup and supplemental material (URLs are in the schedule) and submit via the CMS 2-3 questions they would ask in the Q&A. Questions could be related to the niche in the market that the company occupies, the target group they aim at, pitfalls and challenges etc.


Joint event

At the end of the semester (tentative date: TBA) we will have a joint 1-day event where every student/team pitches its own idea for a product in a short presentation with subsequent feedback/discussion. The idea of this event is to make students go once through the process of developing an idea, doing the necessary background research, and then pitching it in front of an audience. 

To this end, the CISPA faculty will provide a short list of recent research results with potential for tech transfer into a product, and students/teams should derive their product idea and pitch from this list. This avoids the need to reveal any real business idea that students already have in mind and at the same time this day also provides an opportunity to exchange ideas and thoughts with the CISPA faculty.

To prepare for this event, in the introduction, you'll get to know

  • General guidelines for entrepreneurial pitches
  • A typical pitch structure
  • How to motivate your topic


Grading and requirements for passing the course

The final grade is based on your pitch at the joint event. We base this grade on:

  1. 50% Content:
    • A 5-page report, showing the research for your product idea 
  2. 50% Form, of which 12.5% each:
    1. Structure/Thread
    2. Action Titles (covered in intro lecture)
    3. MECE (, covered in intro lecture)
    4. General presentation (e.g., rhetoric)

To pass the course, you need:

  1. Hand in the Q&A questions in preparation for each talk
  2. Attend the talks
  3. Achieve at least 50% in your pitch

LSF Registration

You have to register for the course in LSF until Nov 11 in order to receive a grade.

Summer 2020

Block Course: Secure Web Development

In this lecture you will learn: the architecture of modern web applications, basics on secure software engineering, the art of secure software assessment and code review techniques, how to build securely an HTTP message processing pipeline (web authentication, authorization, session, logic, data, and more), advanced threats, vulnerabilities, secure coding, and design patterns.

Summer 2020

Proseminar: Influential papers in Web Security

This proseminar is meant to provide students an overview over influential papers in the area of Web security. As a proseminar’s primary purpose is to learn presentation skills, the seminar will feature two presentations from each student.

More information

Winter 2019/20

Seminar: Joint Advances in Web Security

In this seminar, students will learn to present, discuss, and summarize papers in different areas of Web security.