Send email Copy Email Address
Research Group

Pellegrino

Application Security

Web application software is by far one of the most critical assets of our digital life. The Application Security (AppSec, in short) research group addresses the pressing challenges of identifying, studying, and solving vulnerabilities in modern web application software, at the application and platform levels. Our current interests include the analysis of new web vulnerabilities, program analysis (static, dynamic, and hybrid) that operates at scale, application of ML/AI to web application security, and the security and privacy of future application software systems, including immersive web applications.

Head of Group

Giancarlo Pellegrino

Email

Address

Kaiserstraße 21
66386 St. Ingbert (Germany)

Members

Giada Martina Stivala

Aleksei Stafeev

Gianluca De Stefano
© Tobias Ebelshäuser

Andrea Mengascini
Placeholder

Tim Recktenwald
Placeholder

Ryan Aurelio
Placeholder

Muhammad Sabeeh Rehman

Most Recent Publications

Year 2025

2025-04-28

Permission Rationales in the Web Ecosystem: An Exploration of Rationale Text and Design Patterns

Conference / Medium

International Conference on Human Factors in Computing Systems (CHI)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2025-02-24

Do (Not) Follow the White Rabbit: Challenging the Myth of Harmless Open Redirection

Conference / Medium

Network and Distributed System Security Symposium (NDSS)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page

Year 2024

2024-12-09

YuraScanner: Leveraging LLMs for Task-driven Web App Scanning

Conference / Medium

Network and Distributed System Security Symposium (NDSS)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2024-08

SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2024-07-01

Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns

Conference / Medium

IEEE European Symposium on Security and Privacy (EuroS&P)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page