Bridging the gap: A survey and classification of research-informed Ethical Hacking tools

P Modesti, L Golightly, L Holmes, C Opara… - Journal of Cybersecurity …, 2024 - mdpi.com
The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by
practitioners within the industry or underground communities. Similarly, academic …

Cross miniapp request forgery: Root causes, attacks, and vulnerability detection

Y Yang, Y Zhang, Z Lin - Proceedings of the 2022 ACM SIGSAC …, 2022 - dl.acm.org
A miniapp is a full-fledged app that is executed inside a mobile super app such as WeChat
or SnapChat. Being mini by nature, it often has to communicate with other miniapps to …

Black widow: Blackbox data-driven web scanning

B Eriksson, G Pellegrino… - 2021 IEEE Symposium on …, 2021 - ieeexplore.ieee.org
Modern web applications are an integral part of our digital lives. As we put more trust in web
applications, the need for security increases. At the same time, detecting vulnerabilities in …

JAW: Studying client-side CSRF with hybrid property graphs and declarative traversals

S Khodayari, G Pellegrino - 30th usenix security symposium (usenix …, 2021 - usenix.org
Client-side CSRF is a new type of CSRF vulnerability where the adversary can trick the
client-side JavaScript program into sending a forged HTTP request to a vulnerable target site by …
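
The pattern this entry describes, as an added example that is not code from the JAW paper or its authors: a single-page app whose deep-link handler lets the URL fragment choose the API endpoint, method and body, so a link an attacker lures a logged-in user onto makes the victim's own JavaScript send a state-changing request with the session cookie attached. The hardened version only lets the fragment select from a fixed table of read-only routes and keeps state-changing calls behind a user gesture plus a token the cross-site page cannot read. The host name `bank.example`, the route table, the `#/api?...` fragment format and the `X-CSRF-Token` header are assumptions made for the example; request plans are returned as plain objects (no `fetch` is called) so the code runs in Node without a browser or network.

```javascript
// Client-side CSRF: vulnerable deep-link handler beside a hardened one.
// Added example, not from the JAW paper. Hosts, routes and the fragment
// format are assumptions. Requests are described as plain objects so
// nothing is sent; in the real app these would feed fetch(...).

// VULNERABLE: the fragment controls path, method and body. A link such as
//   https://bank.example/#/api?path=/transfer&method=POST&to=mallory&amount=500
// makes the app POST /transfer on the user's behalf, cookies included.
function planRequestVulnerable(href) {
  const loc = new URL(href);
  // strip the "#/api?" prefix (assumed fragment format) and parse the rest
  const params = new URLSearchParams(loc.hash.replace(/^#\/api\??/, ""));
  const path = params.get("path") || "/";
  const method = (params.get("method") || "GET").toUpperCase();
  const body = {};
  for (const [k, v] of params) {
    if (k !== "path" && k !== "method") body[k] = v;
  }
  return {
    url: new URL(path, loc.origin).href, // resolved against the app's own origin
    method,
    credentials: "include",             // session cookie travels with the request
    body: method === "GET" ? null : JSON.stringify(body),
  };
}

// HARDENED: the fragment may only pick a named, read-only route; path, method
// and body never come from the URL.
const ROUTES = Object.freeze({
  profile: { path: "/api/profile", method: "GET" },
  statements: { path: "/api/statements", method: "GET" },
});

function planRequestHardened(href) {
  const loc = new URL(href);
  const route = loc.hash.replace(/^#\//, "");
  const spec = ROUTES[route];
  if (!spec) return null; // unknown or attacker-crafted route: send nothing
  return {
    url: new URL(spec.path, loc.origin).href,
    method: spec.method,
    credentials: "include",
    body: null,
  };
}

// State-changing calls are only reachable from an explicit user action and
// carry an anti-CSRF token (assumed to be delivered in the page, e.g. a meta
// tag) that a cross-site page cannot obtain.
function planTransfer(origin, csrfToken, to, amount) {
  if (typeof csrfToken !== "string" || csrfToken.length === 0) {
    throw new Error("missing CSRF token");
  }
  return {
    url: new URL("/api/transfer", origin).href,
    method: "POST",
    credentials: "include",
    headers: { "X-CSRF-Token": csrfToken }, // header name is an assumption
    body: JSON.stringify({ to, amount }),
  };
}
```

The fix is not the token alone: as long as `planRequestVulnerable` exists, the attacker never needs to forge a request from their own origin, because the victim's same-origin script does it for them. Removing the URL-to-request data flow is what closes the client-side variant; the token then defends the remaining server-side surface.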

The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web

S Khodayari, T Barber… - Proceedings of 45th …, 2024 - publications.cispa.saarland
Request forgery attacks are among the oldest threats to Web applications, traditionally
caused by server-side confused deputy vulnerabilities. However, recent advancements in …

An empirical comparison of commercial and open‐source web vulnerability scanners

R Amankwah, J Chen, PK Kudjo… - Software: Practice and …, 2020 - Wiley Online Library
Web vulnerability scanners (WVSs) are tools that can detect security vulnerabilities in web
services. Although both commercial and open‐source WVSs exist, their vulnerability …

The state of the SameSite: Studying the usage, effectiveness, and adequacy of SameSite cookies

S Khodayari, G Pellegrino - 2022 IEEE symposium on security …, 2022 - ieeexplore.ieee.org
Chromium-based browsers now restrict cookies' scope to a same-site context by changing
the default policy for cookies, thus requiring developers to adapt their websites. The extent of …
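
To make the policy change concrete, an added example that is not code from the paper or its authors: a small model of when a browser attaches a cookie to a cross-site request under the SameSite rules, including Chromium's Lax-by-default treatment of cookies that carry no attribute and its "Lax+POST" exception, which still sends such a cookie on a top-level cross-site POST if the cookie is less than two minutes old. The `Set-Cookie` strings and request descriptions are constructed; the site comparison uses the last two host labels instead of the Public Suffix List and ignores schemeful same-site, both simplifications made for the example.

```javascript
// SameSite cookie attachment model. Added example, not from the paper.
// Cookie headers and requests below are constructed; site() is a
// simplification (real browsers use the Public Suffix List).

function site(host) {
  return host.split(".").slice(-2).join(".");
}

// Parse the parts of a Set-Cookie header this model needs.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    sameSite: null, // null = attribute absent
    secure: false,
  };
  for (const a of attrs) {
    const [k, v] = a.split("=");
    const key = k.toLowerCase();
    if (key === "samesite") cookie.sameSite = (v || "").toLowerCase();
    if (key === "secure") cookie.secure = true;
  }
  return cookie;
}

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// req: { initiatorHost, targetHost, method, topLevel, scheme, cookieAgeSeconds }
function cookieIsSent(cookie, req) {
  let mode = cookie.sameSite;
  let laxPostException = false;
  if (mode === null) {
    // Chromium default: no attribute behaves as Lax, except that cookies
    // younger than 2 minutes are also sent on top-level cross-site POSTs.
    mode = "lax";
    laxPostException = req.cookieAgeSeconds < 120;
  }
  if (mode === "none") {
    // SameSite=None is only honoured with Secure, and only over HTTPS.
    return cookie.secure && req.scheme === "https";
  }
  if (site(req.initiatorHost) === site(req.targetHost)) return true;
  if (mode === "strict") return false;
  // Lax: cross-site only on top-level navigations with a safe method
  // (plus the time-limited Lax+POST exception for attribute-less cookies).
  if (!req.topLevel) return false;
  if (SAFE_METHODS.has(req.method.toUpperCase())) return true;
  return laxPostException && req.method.toUpperCase() === "POST";
}

// Convenience wrapper: does the cookie in this Set-Cookie header reach
// bank.example when evil.example drives the request?
function sentFromEvil(setCookie, method, topLevel, cookieAgeSeconds) {
  return cookieIsSent(parseSetCookie(setCookie), {
    initiatorHost: "evil.example",
    targetHost: "bank.example",
    method,
    topLevel,
    scheme: "https",
    cookieAgeSeconds,
  });
}
```

The practical reading: Lax-by-default blocks the classic hidden-form POST only once the session cookie is older than two minutes, and never blocks a top-level GET, so a state-changing GET endpoint remains fully exposed; `SameSite=Strict` or a proper CSRF token is still needed there.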

All your shops are belong to us: security weaknesses in e-commerce platforms

R Pagey, M Mannan, A Youssef - … of the ACM web conference 2023, 2023 - dl.acm.org
Software as a Service (SaaS) e-commerce platforms for merchants allow individual business
owners to set up their online stores almost instantly. Prior work has shown that the checkout …

Rescan: A middleware framework for realistic and robust black-box web application scanning

K Drakonakis, S Ioannidis, J Polakis - Network and Distributed System …, 2023 - par.nsf.gov
Black-box web vulnerability scanners are invaluable for security researchers and
practitioners. Despite recent approaches tackling some of the inherent limitations of …

Where we stand (or fall): An analysis of CSRF defenses in web frameworks

X Likaj, S Khodayari, G Pellegrino - Proceedings of the 24th International …, 2021 - dl.acm.org
Cross-Site Request Forgery (CSRF) is among the oldest web vulnerabilities that, despite its
popularity and severity, is still an understudied security problem. In this paper, we …