25 million flows later: large-scale detection of DOM-based XSS
TLDR
We present a fully automated system to detect and validate DOM-based XSS vulnerabilities, consisting of a taint-aware JavaScript engine and corresponding DOM implementation as well as a context-sensitive exploit generation approach.
  • 118
  • 11
  • PDF
Walowdac - Analysis of a Peer-to-Peer Botnet
TLDR
We present our infiltration of the Waledac botnet, which can be seen as the successor of the Storm Worm botnet.
  • 95
  • 9
  • PDF
Precise Client-side Protection against DOM-based Cross-Site Scripting
TLDR
We propose an alternative approach for client-side prevention of DOM-based XSS, that utilizes runtime taint tracking and taint-aware parsers to stop the parsing of attacker-controlled syntactic content.
  • 57
  • 7
  • PDF
HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs
TLDR
We introduce a novel and generic camouflage attack, which evades the entire class of detectors based on syntactic features, without needing any information about the system it is trying to evade.
  • 16
  • 5
  • PDF
Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications
TLDR
We report on a notification experiment targeting 24,000 domains, which allowed us to analyze what technical and human aspects are roadblocks to a successful campaign.
  • 26
  • 3
  • PDF
The Unexpected Dangers of Dynamic JavaScript
TLDR
We present the first, systematic analysis of this vulnerability class and provide empirical evidence on its severeness.
  • 23
  • 3
  • PDF
Protecting users against XSS-based password manager abuse
TLDR
In this paper, we have demonstrated that current implementations of built-in password managers in browsers are vulnerable to XSS attacks targeting the stored passwords.
  • 32
  • 3
  • PDF
Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification
TLDR
Large-scale discovery of thousands of vulnerable Web sites has become a frequent event, thanks to the rise in maturity of Internet-wide scanning tools.
  • 47
  • 2
  • PDF
From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting
TLDR
We analyze a set of 1,273 real-world vulnerabilities contained on the Alexa Top 10k domains using a specifically designed architecture, consisting of an infrastructure which allows us to persist and replay vulnerabilities to ensure a sound analysis.
  • 25
  • 2
  • PDF
Efficient and Flexible Discovery of PHP Application Vulnerabilities
TLDR
We present an interprocedural analysis technique for PHP applications based on code property graphs that scales well to large amounts of code and is highly adaptable in its nature.
  • 21
  • 1
  • PDF