default search action
Giancarlo Pellegrino
Person information
- affiliation: CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Refine list
refinements active!
zoomed in on ?? of ?? records
view refined list in
export refined list as
2020 – today
- 2024
- [c39]Andrea Mengascini, Ryan Aurelio, Giancarlo Pellegrino:
The Big Brother's New Playground: Unmasking the Illusion of Privacy in Web Metaverses from a Malicious User's Perspective. CCS 2024: 2162-2176 - [c38]Giada Stivala, Gianluca De Stefano, Andrea Mengascini, Mariano Graziano, Giancarlo Pellegrino:
Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns. EuroS&P 2024: 155-172 - [c37]Soheil Khodayari, Thomas Barber, Giancarlo Pellegrino:
The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web. SP 2024: 166-184 - [c36]Aleksei Stafeev, Giancarlo Pellegrino:
SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements. USENIX Security Symposium 2024 - [c35]Malte Wessels, Simon Koch, Giancarlo Pellegrino, Martin Johns:
SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications. USENIX Security Symposium 2024 - [i7]Gianluca De Stefano, Lea Schönherr, Giancarlo Pellegrino:
Rag and Roll: An End-to-End Evaluation of Indirect Prompt Manipulations in LLM-based Application Frameworks. CoRR abs/2408.05025 (2024) - [i6]Giada Stivala, Gianluca De Stefano, Andrea Mengascini, Mariano Graziano, Giancarlo Pellegrino:
Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns. CoRR abs/2408.06133 (2024) - 2023
- [c34]Giada Stivala, Sahar Abdelnabi, Andrea Mengascini, Mariano Graziano, Mario Fritz, Giancarlo Pellegrino:
From Attachments to SEO: Click Here to Learn More about Clickbait PDFs! ACSAC 2023: 14-28 - [c33]Soheil Khodayari, Giancarlo Pellegrino:
It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses. SP 2023: 1041-1058 - [c32]Jannis Rautenstrauch, Giancarlo Pellegrino, Ben Stock:
The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web. SP 2023: 2744-2760 - [i5]Giada Stivala, Sahar Abdelnabi, Andrea Mengascini, Mariano Graziano, Mario Fritz, Giancarlo Pellegrino:
A Large-Scale Study of Phishing PDF Documents. CoRR abs/2308.01273 (2023) - 2022
- [c31]Soheil Khodayari, Giancarlo Pellegrino:
The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies. SP 2022: 1590-1607 - [e2]Lorenzo Cavallaro, Daniel Gruss, Giancarlo Pellegrino, Giorgio Giacinto:
Detection of Intrusions and Malware, and Vulnerability Assessment - 19th International Conference, DIMVA 2022, Cagliari, Italy, June 29 - July 1, 2022, Proceedings. Lecture Notes in Computer Science 13358, Springer 2022, ISBN 978-3-031-09483-5 [contents] - 2021
- [c30]Xhelal Likaj, Soheil Khodayari, Giancarlo Pellegrino:
Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks. RAID 2021: 370-385 - [c29]Benjamin Eriksson, Giancarlo Pellegrino, Andrei Sabelfeld:
Black Widow: Blackbox Data-driven Web Scanning. SP 2021: 1125-1142 - [c28]Soheil Khodayari, Giancarlo Pellegrino:
JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals. USENIX Security Symposium 2021: 2525-2542 - [e1]Leyla Bilge, Lorenzo Cavallaro, Giancarlo Pellegrino, Nuno Neves:
Detection of Intrusions and Malware, and Vulnerability Assessment - 18th International Conference, DIMVA 2021, Virtual Event, July 14-16, 2021, Proceedings. Lecture Notes in Computer Science 12756, Springer 2021, ISBN 978-3-030-80824-2 [contents] - 2020
- [c27]Giada Stivala, Giancarlo Pellegrino:
Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms. NDSS 2020 - [c26]Simon Koch, Tim Sauer, Martin Johns, Giancarlo Pellegrino:
Raccoon: automated verification of guarded race conditions in web applications. SAC 2020: 1678-1687 - [c25]Edward Chou, Florian Tramèr, Giancarlo Pellegrino:
SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems. SP (Workshops) 2020: 48-54 - [c24]Qingchuan Zhao, Chaoshun Zuo, Brendan Dolan-Gavitt, Giancarlo Pellegrino, Zhiqiang Lin:
Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps. SP 2020: 1106-1120
2010 – 2019
- 2019
- [c23]Florian Tramèr, Pascal Dupré, Gili Rusak, Giancarlo Pellegrino, Dan Boneh:
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning. CCS 2019: 2005-2021 - [c22]Qingchuan Zhao, Chaoshun Zuo, Giancarlo Pellegrino, Zhiqiang Lin:
Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services. NDSS 2019 - [c21]Saba Eskandarian, Jonathan Cogan, Sawyer Birnbaum, Peh Chang Wei Brandon, Dillon Franke, Forest Fraser, Gaspar Garcia Jr., Eric Gong, Hung T. Nguyen, Taresh K. Sethi, Vishal Subbiah, Michael Backes, Giancarlo Pellegrino, Dan Boneh:
Fidelius: Protecting User Secrets from Compromised Browsers. IEEE Symposium on Security and Privacy 2019: 264-280 - 2018
- [c20]Patrick Speicher, Marcel Steinmetz, Robert Künnemann, Milivoj Simeonovski, Giancarlo Pellegrino, Jörg Hoffmann, Michael Backes:
Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure. EuroS&P 2018: 77-91 - [c19]Ben Stock, Giancarlo Pellegrino, Frank Li, Michael Backes, Christian Rossow:
Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications. NDSS 2018 - [c18]Marten Oltrogge, Erik Derr, Christian Stransky, Yasemin Acar, Sascha Fahl, Christian Rossow, Giancarlo Pellegrino, Sven Bugiel, Michael Backes:
The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators. IEEE Symposium on Security and Privacy 2018: 634-647 - [i4]Saba Eskandarian, Jonathan Cogan, Sawyer Birnbaum, Peh Chang Wei Brandon, Dillon Franke, Forest Fraser, Gaspar Garcia Jr., Eric Gong, Hung T. Nguyen, Taresh K. Sethi, Vishal Subbiah, Michael Backes, Giancarlo Pellegrino, Dan Boneh:
Fidelius: Protecting User Secrets from Compromised Browsers. CoRR abs/1809.04774 (2018) - [i3]Florian Tramèr, Pascal Dupré, Gili Rusak, Giancarlo Pellegrino, Dan Boneh:
Ad-versarial: Defeating Perceptual Ad-Blocking. CoRR abs/1811.03194 (2018) - [i2]Edward Chou, Florian Tramèr, Giancarlo Pellegrino, Dan Boneh:
SentiNet: Detecting Physical Attacks Against Deep Learning Systems. CoRR abs/1812.00292 (2018) - 2017
- [c17]Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow:
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs. CCS 2017: 1757-1771 - [c16]Milivoj Simeonovski, Giancarlo Pellegrino, Christian Rossow, Michael Backes:
Who Controls the Internet?: Analyzing Global Threats using Property Graph Traversals. WWW 2017: 647-656 - [i1]Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow:
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs. CoRR abs/1708.08786 (2017) - 2016
- [c15]Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes:
POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications. CCS 2016: 1787-1789 - [c14]Giancarlo Pellegrino, Onur Catakoglu, Davide Balzarotti, Christian Rossow:
Uses and Abuses of Server-Side Requests. RAID 2016: 393-414 - [c13]Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes:
Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification. USENIX Security Symposium 2016: 1015-1032 - 2015
- [c12]Giancarlo Pellegrino, Constantin Tschürtz, Eric Bodden, Christian Rossow:
jÄk: Using Dynamic Analysis to Crawl and Test Modern Web Applications. RAID 2015: 295-316 - [c11]Giancarlo Pellegrino, Davide Balzarotti, Stefan Winter, Neeraj Suri:
In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services. USENIX Security Symposium 2015: 801-816 - [c10]Giancarlo Pellegrino, Christian Rossow, Fabrice J. Ryba, Thomas C. Schmidt, Matthias Wählisch:
Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics. WOOT 2015 - [p1]Gert Læssøe Mikkelsen, Kasper Damgård, Hans Guldager, Jonas Lindstrøm Jensen, Jesus Luna Garcia, Janus Dam Nielsen, Pascal Paillier, Giancarlo Pellegrino, Michael Bladt Stausholm, Neeraj Suri, Heng Zhang:
Technical Implementation and Feasibility. Attribute-based Credentials for Trust 2015: 255-317 - 2014
- [c9]Tsvetoslava Vateva-Gurova, Jesus Luna, Giancarlo Pellegrino, Neeraj Suri:
On the Feasibility of Side-Channel Attacks in a Virtualized Environment. ICETE (Selected Papers) 2014: 319-339 - [c8]Giancarlo Pellegrino, Davide Balzarotti:
Toward Black-Box Detection of Logic Flaws in Web Applications. NDSS 2014 - [c7]Tsvetoslava Vateva-Gurova, Jesus Luna, Giancarlo Pellegrino, Neeraj Suri:
Towards a Framework for Assessing the Feasibility of Side-channel Attacks in Virtualized Environments. SECRYPT 2014: 113-124 - 2013
- [b1]Giancarlo Pellegrino:
Detection of logic flaws in multi-party business applications via security testing. (Détection d'anomalies logiques dans les logiciels d'entreprise multi-partis à travers des tests de sécurité). Télécom ParisTech, France, 2013 - [j1]Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuéllar, Giancarlo Pellegrino, Alessandro Sorniotti:
An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations. Comput. Secur. 33: 41-58 (2013) - [c6]Giancarlo Pellegrino, Luca Compagna, Thomas Morreggia:
A Tool for Supporting Developers in Analyzing the Security of Web-Based Security Protocols. ICTSS 2013: 277-282 - 2012
- [c5]Alessandro Armando, Wihem Arsac, Tigran Avanesov, Michele Barletta, Alberto Calvi, Alessandro Cappai, Roberto Carbone, Yannick Chevalier, Luca Compagna, Jorge Cuéllar, Gabriel Erzse, Simone Frau, Marius Minea, Sebastian Mödersheim, David von Oheimb, Giancarlo Pellegrino, Serena Elisa Ponta, Marco Rocchetto, Michaël Rusinowitch, Mohammad Torabi Dashti, Mathieu Turuani, Luca Viganò:
The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures. TACAS 2012: 267-282 - [c4]Alessandro Armando, Giancarlo Pellegrino, Roberto Carbone, Alessio Merlo, Davide Balzarotti:
From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap. TAP@TOOLS 2012: 3-18 - 2011
- [c3]Wihem Arsac, Luca Compagna, Giancarlo Pellegrino, Serena Elisa Ponta:
Security Validation of Business Processes via Model-Checking. ESSoS 2011: 29-42 - [c2]Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuéllar, Giancarlo Pellegrino, Alessandro Sorniotti:
From Multiple Credentials to Browser-Based Single Sign-On: Are We More Secure? SEC 2011: 68-79 - 2010
- [c1]Alessandro Armando, Roberto Carbone, Luca Compagna, Keqin Li, Giancarlo Pellegrino:
Model-Checking Driven Security Testing of Web-Based Applications. ICST Workshops 2010: 361-370
Coauthor Index
manage site settings
To protect your privacy, all features that rely on external API calls from your browser are turned off by default. You need to opt-in for them to become active. All settings here will be stored as cookies with your web browser. For more information see our F.A.Q.
Unpaywalled article links
Add open access links from to the list of external document links (if available).
Privacy notice: By enabling the option above, your browser will contact the API of unpaywall.org to load hyperlinks to open access articles. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data. So please proceed with care and consider checking the Unpaywall privacy policy.
Archived links via Wayback Machine
For web page which are no longer available, try to retrieve content from the of the Internet Archive (if available).
Privacy notice: By enabling the option above, your browser will contact the API of archive.org to check for archived content of web pages that are no longer available. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data. So please proceed with care and consider checking the Internet Archive privacy policy.
Reference lists
Add a list of references from , , and to record detail pages.
load references from crossref.org and opencitations.net
Privacy notice: By enabling the option above, your browser will contact the APIs of crossref.org, opencitations.net, and semanticscholar.org to load article reference information. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data. So please proceed with care and consider checking the Crossref privacy policy and the OpenCitations privacy policy, as well as the AI2 Privacy Policy covering Semantic Scholar.
Citation data
Add a list of citing articles from and to record detail pages.
load citations from opencitations.net
Privacy notice: By enabling the option above, your browser will contact the API of opencitations.net and semanticscholar.org to load citation information. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data. So please proceed with care and consider checking the OpenCitations privacy policy as well as the AI2 Privacy Policy covering Semantic Scholar.
OpenAlex data
Load additional information about publications from .
Privacy notice: By enabling the option above, your browser will contact the API of openalex.org to load additional information. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data. So please proceed with care and consider checking the information given by OpenAlex.
last updated on 2024-12-13 19:08 CET by the dblp team
all metadata released as open data under CC0 1.0 license
see also: Terms of Use | Privacy Policy | Imprint