
web security

Protecting accounts from credential stuffing with password breach alerting
security

Usenix Security 2019

Deconstructing the Phishing Campaigns that Target Gmail Users
anti-abuse

Black Hat USA 2019

Password checkup: from 0 to 650,000 users in 20 days
security

Mar 2019

Understanding how people use private browsing
privacy

Jul 2017

Understanding the prevalence of web traffic interception
web security

Jun 2017

Learn web security with Google
web security

IO 2016

The Security Impact of HTTPS Interception
web security

NDSS 2017

Picasso: Lightweight Device Class Fingerprinting for Web Clients
anti-abuse

SPSM 2016

How google helps 600,000 webmasters re-secure their hacked sites every year
web security

Jun 2016

Cloak of visibility: detecting when machines browse a different web
anti-abuse

S&P 2016

Remedying web hijacking notification effectiveness and webmaster comprehension
web security

WWW 2016

The dark side of online poker or the commoditization and weaponization of big data and espionage
hacking

Feb 2016

How phishing works
anti-abuse

Aug 2015

Secrets, lies, and account recovery: lessons from the use of personal knowledge questions at google
anti-abuse

WWW 2015

Ad injection at scale: assessing deceptive advertisement modifications
anti-abuse

S&P 2015

19.5% of https sites trigger browser warning as they use sha-1 signed certificates
web security

Jan 2015

The end is nigh: generic solving of text-based captchas
web security

WOOT 2014

Meaning matters: why google switched to numeric captchas
user experience

Apr 2014

When a porn site masquerades as the apple app store
anti-abuse

May 2013

Apple finally turns HTTPS on for the app store, fixing a lot of vulnerabilities
web security

Mar 2013

Sessionjuggler secure web login from an untrusted terminal using session hijacking
web security

WWW 2012

The Art of Breaking and Designing CAPTCHAS
web security

RSA 2012

How we broke the nucaptcha video scheme and what we propose to fix it
web security

Feb 2012

What phishing sites look like? (study)
anti-abuse

Nov 2011

Evolution of the https lock icon (infographic)
web security

Nov 2011

Text-based captcha strengths and weaknesses
web security

CCS 2011

Reclaiming the blogosphere talkback a secure linkback protocol for weblogs
web security

ESORICS 2011

Towards secure embedded web interfaces
web security

Usenix Security 2011

Using the microsoft geolocalization api to retrace where a windows laptop has been
privacy

Jul 2011

Tracking users that block cookies with a http redirect
web security

Jul 2011

The failure of noise-based non-continuous audio captchas
web security

S&P 2011

Five surprising captcha schemes
web security

Mar 2011

Identifying internet explorer user with a smb query
hacking

Aug 2010

An analysis of private browsing modes in modern browsers
privacy

Usenix Security 2010

Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks
hacking

WOOT 2010

Webseclab security education workbench
web security

CEST 2010

Bad memories
hacking

Black Hat & Defcon 2010

The emergence of cross channel scripting
web security

CACM 2010

Busting frame busting a study of clickjacking vulnerabilities on popular sites
web security

W2SP 2010

How good are humans at solving captchas a large scale evaluation
web security

S&P 2010

State of the art automated black-box web application vulnerability testing
web security

S&P 2010

Trackback spam abuse and prevention
web security

CCSW 2009

Xcs cross channel scripting and its impact on web applications
web security

CCS 2009

Decaptcha breaking 75% of ebay audio captchas
web security

WOOT 2009

Embedded management interfaces emerging massive insecurity
hacking

Black Hat 2009
