Publications

TESTABLE Project Publications

Scientific Publications

The following list reports all accepted scientific publications produced by TESTABLE partners under the project's funding.

  1. Unique on Facebook: formulation and evidence of (nano)targeting individual users with non-PII data
  2. When Sally Met Trackers: Web Tracking From the Users' Perspective
  3. Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications
  4. SoK: Exploring Current and Future Research Directions on XS-Leaks through an Extended Formal Model
  5. SecML: Secure and Explainable Machine Learning in Python
  6. Practical Attacks on Machine Learning: A Case Study on Adversarial Windows Malware
  7. Keeping Privacy Labels Honest
  8. Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions
  9. It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
  10. Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples
  11. Explaining Machine Learning DGA Detectors from DNS Traffic Data
  12. Robust Machine Learning for Malware Detection over Time
  13. FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities
  14. The OK Is Not Enough: A Large Scale Study of Consent Dialogs in Smartphone Applications
  15. Accept All Exploits: Exploring the Security Impact of Cookie Banners
  16. Scripted Henchmen: Leveraging XS-Leaks for Cross-Site Vulnerability Detection
  17. WHIP: Improving Static Vulnerability Detection in Web Application by Forcing tools to Collaborate
  18. Rods with Laser Beams: Understanding Browser Fingerprinting on Phishing Pages
  19. The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web
  20. The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web
  21. SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements
  22. Poster: Analysis of User Uniqueness on LinkedIn Based on Publicly Available Non-PII
  23. The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code
  24. Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
  25. Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting
  26. General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications
  27. Poster: The Risk of Insufficient Isolation of Database Transactions in Web Applications
  28. FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Entropy-based Thresholds
  29. CSRF-ing the SSO waves: security testing of SSO-based account linking process
  30. Towards Understanding and Improving Security-Relevant Web Application Logging
  31. Raze to the Ground: Query-Efficient Adversarial HTML Attacks on Machine-Learning Phishing Webpage Detectors
  32. Modsec-learn: Boosting modsecurity with machine learning
  33. AttackBench: Evaluating Gradient-based Attacks for Adversarial Examples
  34. Certified adversarial robustness of machine learning-based malware detectors via (de)randomized smoothing
  35. SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications
  36. Analysis and Implementation of Nanotargeting on LinkedIn Based on Publicly Available Non-PII
  37. Learning Type Inference for Enhanced Dataflow Analysis