Wired wrote a fantastic article on our research work on how TLS vulnerabilities get amplified in the Web and eventually propagate to breach web application security. The article nicely summarizes the main contributions of our study in a very accessible way, so don’t miss such a cool read!
HTTPS is the security cornerstone of the Web against network attackers, but can we trust its deployment? To learn how much TLS vulnerabilities might break the web ecosystem, take a look at our latest IEEE S&P paper, where we quantify the impact of such cryptographic issues on web application security!
Sub-session hijacking is a nasty attack, which was not properly understood. If you are interested in the topic, read our JCS paper, where we discuss how to fix its root causes and we propose a defense mechanism based on server-side security monitoring.
Proud to be part of the program committee of the next USENIX Security Symposium! Please consider submitting your best security and privacy work there; see the call for papers at the conference website. Recall that USENIX Security is moving to a rolling deadline model, with four submission cycles per year.
I will be the Lead Guest Editor of the special issue on Web Application Security at Security and Communication Networks! Please consider submitting your papers there; we are interested in a broad set of topics in web security research. See the call for papers for full details.
Thrilled to serve on the program committee of the next IEEE European Symposium on Security and Privacy! Please consider submitting your best security and privacy work there; see the call for papers at the EuroS&P 2019 website.