Send email Copy Email Address
Research Group

Pellegrino

Application Security

Web application software is by far one of the most critical assets of our digital life. The Application Security (AppSec, in short) research group addresses the pressing challenges of identifying, studying, and solving vulnerabilities in modern web application software, at the application and platform levels. Our current interests include the analysis of new web vulnerabilities, program analysis (static, dynamic, and hybrid) that operates at scale, application of ML/AI to web application security, and the security and privacy of future application software systems, including immersive web applications.

Head of Group

Giancarlo Pellegrino

Email

Address

Kaiserstraße 21
66386 St. Ingbert (Germany)

Members

Soheil Khodayari

Giada Martina Stivala

Aleksei Stafeev

Gianluca De Stefano
Placeholder

Luy Seiwert
© Tobias Ebelshäuser

Andrea Mengascini
Placeholder

Tim Recktenwald
Placeholder

Raoul Scholtes
Placeholder

Jakob Graser
Placeholder

Ryan Aurelio
Placeholder

Prerak Mittal
Placeholder

Muhammad Sabeeh Rehman

Most Recent Publications

Year 2024

2024-05-20

The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web

Conference / Medium

SP
Proceedings of 45th IEEE Symposium on Security and Privacy45th IEEE Symposium on Security and Privacy

Tags
Secure Connected and Mobile Systems
Authors
Download Visit Detail Page

Year 2023

2023-10-02

From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!

Conference / Medium

ACSAC
ACSAC '23ACSAC '23: Proceedings of the 38th Annual Computer Security Applications Conference

Tags
Secure Connected and Mobile Systems
Authors
Download Visit Detail Page
2023-10-02

From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!

Conference / Medium

ACSAC
ACSAC '23ACSAC '23: Proceedings of the 38th Annual Computer Security Applications Conference

Tags
Secure Connected and Mobile Systems
Authors
Download Visit Detail Page
2023-05-22

It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses

Conference / Medium

SP
44th IEEE Symposium on Security and Privacy44th IEEE Symposium on Security and Privacy

Tags
Secure Connected and Mobile Systems
Authors
Download Visit Detail Page
2023-05

The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web

Conference / Medium

SP
2023 IEEE Symposium on Security and Privacy (SP)44th IEEE Symposium on Security and Privacy

Tags
Secure Connected and Mobile Systems
Authors
Download Visit Detail Page