Tommaso Innocenti (@innotommy) 's Twitter Profile
Tommaso Innocenti

@innotommy

Ph.D. Candidate in the SysSec lab of Northeastern University
My interest is privacy/security; I am currently investigating authentication procedures.

ID: 313187974

Link: https://innotommy.com

Joined: 08-06-2011 08:27:44

484 Tweets

90 Followers

193 Following

Tommaso Innocenti (@innotommy) 's Twitter Profile Photo

I am happy to announce that today I will be presenting my work: You've Got (a Reset) Mail: A Security Analysis of Email-Based Password DIMVA Conference If you haven't done it go and register to attend the conference. It's free for students!!! #CyberSecurity #DIMVA21

Tommaso Innocenti (@innotommy) 's Twitter Profile Photo

In case you missed my presentation at DIMVA Conference 21, here innotommy.com you can find the slide of my presentation. Stay tuned for the video of my presentation that will soon be published!!! #research #science #cybersecurity #owasp

Desheng Hu (@whocheers) 's Twitter Profile Photo

Report in News from Science on our fight against Trump’s discriminatory Proclamation 10043, which has made visas impossible to get/renew for 30K+ Chinese scholars. It's detrimental to science in the US and globally, and contributes to anti-Asian sentiment. sciencemag.org/news/2021/07/u…

Italy in US (@italyinus) 's Twitter Profile Photo

Over 70% Italians are fully vaccinated vs Covid-19. Thousands of Italians living in 🇺🇸 are eager to travel to 🇮🇹 & return. So many Italians wait to be allowed to travel to 🇺🇸 for business & family reunion. We hope that safe Transatlantic travel both ways will be reestablished soon

Bahruz Jabiyev (@bahruzjabiyev) 's Twitter Profile Photo

About our ACM CCS 2025 paper: HTTP Request Smuggling (HRS) happens when two servers in a request chain do not agree on the body parsing and it was first documented by Amit Klein. Recently, talks by James Kettle and d3fp4r4m showed how HRS can be weaponized for severe attacks. (1/4)

Tommaso Innocenti (@innotommy) 's Twitter Profile Photo

I am happy to announce that our paper FRAMESHIFTER has been presented at USENIX'22. Thanks for this collaboration to Bahruz Jabiyev, Steve Sprecher, Anthony Gavazzi, Kaan Onarlioglu and Engin Kirda. For more details: Fuzzer: github.com/bahruzjabiyev/… Paper: innotommy.com/Frameshifter.p…

Tommaso Innocenti (@innotommy) 's Twitter Profile Photo

I am so happy that our research has unveiled an unknown problem that Golang has promptly fixed. Let's keep making the internet a safer place!! #research #security #northeasternUniversity

Connect2id (@connect2id) 's Twitter Profile Photo

The redirect_uri validation in the #OAuth SDK incorporates new lessons from the OAuth Security Workshop 2023 connect2id.com/products/nimbu…

ACSAC (@acsac_conf) 's Twitter Profile Photo

The second #ACSAC2023 paper #preview is Innocenti et al.'s work, which finds that #OAuth 2.0 #IdPs are exposed to path confusion and parameter #PollutionAttacks due to under-specified "redirect URI" validation rules. openconf.org/acsac2023/modu… Tommaso Innocenti Matteo Northeastern U.

The LASER Workshop (@laser_workshop) 's Twitter Profile Photo

Many thanks to the #ACSAC2023 authors who presented their experimental work and others who attended the The LASER Workshop collocated with the ACSAC. The one-hour discussions on #cybersecurity #experimentation were quite engaging and very enlightening! #LASER2023

Tommaso Innocenti (@innotommy) 's Twitter Profile Photo

I am honored to announce that OAuth 2.0 Redirect URI Validation Falls Short, Literally has been included in the nomination list for the Top 10 Web Hacking techniques of 2023. Now, I need your support to vote for our paper and make the top 10 list. portswigger.net/polls/top-10-w…

ACSAC (@acsac_conf) 's Twitter Profile Photo

Last but not least in the session came Innocenti et al.'s "OAuth 2.0 Redirect URI Validation Falls Short", which proposes novel #attack techniques and empirically verifies with 16 popular #IdPs that #OAuth 2.0 security guidance is under-specified. (acsac.org/2023/program/f…) (5/5)

Tommaso Innocenti (@innotommy) 's Twitter Profile Photo

And this is what it teaches us the fundamentals of operations research .... how to get the best… instagram.com/p/uN9PVjl98v/

Tommaso Innocenti (@innotommy) 's Twitter Profile Photo

And this is what it teaches us the fundamentals of operations research .... how to get the best… instagram.com/p/uN9RdQF98z/