Giancarlo Pellegrino (@tgianko)'s Twitter Profile
Giancarlo Pellegrino

@tgianko

Faculty at CISPA.

Mastodon: @[email protected]
Bluesky: bsky.app/profile/gianko…

ID: 406316583

Link: http://trouge.net/
Date: 06-11-2011 15:01:06

808 Tweets

923 Followers

327 Following

Giancarlo Pellegrino (@tgianko) 's Twitter Profile Photo

📢 There's still time to submit nominations for the USENIX Security '25 PC. Consider nominating yourself even if you have already served! Deadline: May 24, 2024. The link is below.

Thorsten Holz (@thorstenholz) 's Twitter Profile Photo

One of the two Test of Time awards is „Modeling and Discovering Vulnerabilities with Code Property Graphs“ (sec.cs.tu-bs.de/pubs/2014-ieee…) - pretty cool paper with lots of impact. Congratulations Fabian Yamaguchi, Konrad Rieck 🌈, Daniel Arp and Nico Golde 🎉

Giancarlo Pellegrino (@tgianko) 's Twitter Profile Photo

📣 "The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web" won an IEEE S&P '24 distinguished paper award 🎉! Congrats to Soheil and Thomas Barber. Paper: scnps.co/papers/sp24_re…

Soheil (@soheil__k) 's Twitter Profile Photo

🚨 Missed our presentation at #SP24 on request hijacking vulnerabilities? No worries, got y'all covered!🎉 We won a Distinguished Paper Award! 🏆 Check out our poster below and dive into the details here: scnps.co/papers/sp24_re… 🔗 CC: Giancarlo Pellegrino, testable_eu, IEEE S&P

Soheil (@soheil__k) 's Twitter Profile Photo

Few moments from our #SP24 talk on request hijacking vulnerabilities! 🎉📸 A big thanks to thomas for doing the presentation. Stay tuned for our video recording! 👉 ja-w.me 🔗 scnps.co/papers/sp24_re… CC: Giancarlo Pellegrino, testable_eu, IEEE S&P

Soheil (@soheil__k) 's Twitter Profile Photo

📢 Excited to speak at #OWASP #GlobalAppSecLisbon '24 on June 27 ✨ Presenting "In the Same Site We Trust: Navigating the Landscape of Client-side Request Hijacking on the Web" and sharing our open-source tool. See you there! 🌐 CC: testable_eu, @CISPA sched.co/1VdAy

Giada Stivala (@g_stivala) 's Twitter Profile Photo

I’m thrilled to present my latest research paper at IEEE European Symposium on Security and Privacy this Tuesday! 📜 Discover how attackers are abusing hosting services and websites to distribute SEO-poisoned clickbait PDFs. 🔍🎣 Feel free to reach out if you're there! #CyberSecurity #Phishing #PhD #IEEEEUROSP

IEEE European Symposium on Security and Privacy (@ieeeeurosp) 's Twitter Profile Photo

A big thank you to the local organizers in Vienna for hosting an outstanding event! Thanks to the outgoing chair Herbert Bos and good luck for 2025 to the PC co-chairs Ben Stock and Anja Lehmann - follow this space for the CfP and changes for the 2025 Venice edition of EuroS&P.

Mathias Payer (@gannimo) 's Twitter Profile Photo

From privacy to the web, we now have Soheil from @CISPA presenting his research on web security (and broken web applications) at #SuRI24 EPFL

Giada Stivala (@g_stivala) 's Twitter Profile Photo

🚀 Calling all IT pros in hosting companies & web agencies! 🚀 We're researchers from @CISPA and we're studying Hosting Maintenance&Operations. Join us for an interview! - Gain insights - Contribute to better procedures - Get compensated Info via DM or at giada.stivalalife.de

Soheil (@soheil__k) 's Twitter Profile Photo

1/n It’s finally done! Defended my PhD with summa cum laude 🎉 Huge thanks to my amazing supervisor, Straight Outta Folsom, and doctoral committee @datenkeller, Bernd Finkbeiner, Martina Maggio, Bhupendra Acharya. Grateful to all my friends and family for their extraordinary support throughout this journey

Phani Vadrevu (@pvadrevu) 's Twitter Profile Photo

Aurore Fass and I are pleased to invite (self-)nominations for USENIX Security '25 Artifact Evaluation Committee. This year's "Open Science" policy requires heavy support from our community. Please fill this form by October 11 to express interest: docs.google.com/forms/d/e/1FAI… 1/2

Giancarlo Pellegrino (@tgianko) 's Twitter Profile Photo

Consider nominating yourself or someone else for the AE committee for USENIX Security '25. It is a unique opportunity to help our community establish a default open science policy in our community!

Lujo Bauer (@lujobauer) 's Twitter Profile Photo

Please consider volunteering to join the USENIX Security '25 artifact evaluation committee! Help us make sharing reusable research artifacts the norm rather than the exception.

Giancarlo Pellegrino (@tgianko) 's Twitter Profile Photo

We are making the source code of YuraScanner public: github.com/pixelindigo/yu… We initially restricted it to prevent misuse (fake accounts, scraping). We re-eval risk-benefits with live tests. Defenses (CAPTCHA, MFA, etc.) are sufficient, thus we pushed the code to GitHub!

Alex Stafeev (@pixelindigo) 's Twitter Profile Photo

Hey, don't miss Tim's YuraScanner presentation today at 11:40 in session 2B, "Web Security" at NDSS '25! Our new task-driven web security scanner features LLM, XSS, and a pinch of 0-days.

Alex Stafeev (@pixelindigo) 's Twitter Profile Photo

“You are a scanner…” YuraScanner is one of the first task-driven web application scanners powered by LLM that can autonomously discover workflows and execute them. No user traces or input are needed!

Alex Stafeev (@pixelindigo) 's Twitter Profile Photo

YuraScanner can reach deep states of web applications that no scanner can. We tested on 20 web apps (GitLab, phpBB, etc.), manually validated its ability to discover and execute tasks, and discovered 12 zero-day XSS vulnerabilities.

Andrea Mengascini (@ctrlaltandrea) 's Twitter Profile Photo

Presented our paper “Exploring the Design Space for Security Warnings in Immersive Environments” at #EuroSP2025 in Venice! 🇮🇹🔐 Grateful for the insightful discussion. Huge thanks to my co-authors and cispa.de for the support! #Security #VR #AR
