Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting
TLDR
The web has become an essential part of our society and is currently the main medium of information delivery.
  • 356
  • 41
A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements
TLDR
This paper presents a comprehensive framework to model privacy-specific threats in software-based systems.
  • 294
  • 36
RIPE: runtime intrusion prevention evaluator
TLDR
We present RIPE, an extension of Wilander and Kamkar's testbed of 20 attack forms which covers 850 attack forms and use it to empirically evaluate some of the newer buffer overflow prevention techniques.
  • 95
  • 35
Automated Website Fingerprinting through Deep Learning
TLDR
We show that an adversary can automate the feature engineering process, and thus automatically deanonymize Tor traffic by applying our novel method based on deep learning.
  • 82
  • 23
Predicting Vulnerable Software Components via Text Mining
TLDR
This paper presents an approach based on machine learning to predict which components of a software application contain security vulnerabilities.
  • 173
  • 20
Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation
TLDR
In order to evaluate the prevalence of security and privacy practices on a representative sample of the Web, researchers rely on website popularity rankings such as the Alexa list.
  • 109
  • 18
You are what you include: large-scale evaluation of remote javascript inclusions
TLDR
JavaScript is used by web developers to enhance the interactivity of their sites, offload work to the users' browsers and improve their sites' responsiveness and user-friendliness, making web pages feel like traditional desktop applications.
  • 256
  • 14
A system of security patterns
TLDR
For the past 5 years, MITRE has been tracking the types of errors that lead to publicly reported vulnerabilities.
  • 46
  • 11
On the secure software development process: CLASP, SDL and Touchpoints compared
TLDR
This paper compares OWASP's CLASP, Microsoft's SDL and McGraw's Touchpoints for secure software development.
  • 104
  • 10
An Analysis of the Security Patterns Landscape
TLDR
This paper analyzes an extensive set of published security patterns according to several dimensions and outlines the directions for improvement.
  • 93
  • 9