web security

web security

Filter by

Protecting accounts from credential stuffing with password breach alerting

Protecting accounts from credential stuffing with password breach alerting

Usenix Security 2019

Deconstructing the Phishing Campaigns that Target Gmail Users

Deconstructing the Phishing Campaigns that Target Gmail Users

Black Hat USA 2019

Password checkup: from 0 to 650, 000 users in 20 days

Password checkup: from 0 to 650, 000 users in 20 days

Mar 2019

Understanding how people use private browsing

Understanding how people use private browsing

Jul 2017

Understanding the prevalence of web traffic interception

Understanding the prevalence of web traffic interception

Jun 2017

Learn web security with Google

Learn web security with Google

IO 2016

The Security Impact of HTTPS Interception

The Security Impact of HTTPS Interception

NDSS 2017

Picasso: Lightweight Device Class Fingerprinting for Web Clients

Picasso: Lightweight Device Class Fingerprinting for Web Clients

SPSM 2016

How google helps 600,000 webmasters re-secure their hacked sites every year

How google helps 600,000 webmasters re-secure their hacked sites every year

Jun 2016

Cloak of visibility: detecting when machines browse a different web

Cloak of visibility: detecting when machines browse a different web

S&P 2016

Remedying web hijacking notification effectiveness and webmaster comprehension

Remedying web hijacking notification effectiveness and webmaster comprehension

WWW 2016

The dark side of online poker or the commoditization and weaponization of big data and espionage

The dark side of online poker or the commoditization and weaponization of big data and espionage

Feb 2016

How phishing works

How phishing works

Aug 2015

Secrets, lies, and account recovery: lessons from the use of personal knowledge questions at google

Secrets, lies, and account recovery: lessons from the use of personal knowledge questions at google

WWW 2015

Ad injection at scale: assessing deceptive advertisement modifications

Ad injection at scale: assessing deceptive advertisement modifications

S&P 2015

19.5% of https sites trigger browser warning as they use sha-1 signed certificates

19.5% of https sites trigger browser warning as they use sha-1 signed certificates

Jan 2015

The end is nigh: generic solving of text-based captchas

The end is nigh: generic solving of text-based captchas

WOOT 2014

Meaning matters: why google switched to numeric captchas

user experience

Meaning matters: why google switched to numeric captchas

Apr 2014

When a porn site masquerades as the apple app store

When a porn site masquerades as the apple app store

May 2013

Apple finally turns HTTPS on for the app store, fixing a lot of vulnerabilities

Apple finally turns HTTPS on for the app store, fixing a lot of vulnerabilities

Mar 2013

Sessionjuggler secure web login from an untrusted terminal using session hijacking

Sessionjuggler secure web login from an untrusted terminal using session hijacking

WWW 2012

The Art of Breaking and Designing CAPTCHAS

The Art of Breaking and Designing CAPTCHAS

RSA 2012

How we broke the nucaptcha video scheme and what we propose to fix it

How we broke the nucaptcha video scheme and what we propose to fix it

Feb 2012

What phishing sites look like ? (study)

What phishing sites look like ? (study)

Nov 2011

Evolution of the https lock icon (infographic)

Evolution of the https lock icon (infographic)

Nov 2011

Text-based captcha strengths and weaknesses

Text-based captcha strengths and weaknesses

CCS 2011

Reclaiming the blogosphere talkback a secure linkback protocol for weblogs

Reclaiming the blogosphere talkback a secure linkback protocol for weblogs

ESORICS 2011

Towards secure embedded web interfaces

Towards secure embedded web interfaces

Usenix Security 2011

Using the microsoft geolocalization api to retrace where a windows laptop has been

Using the microsoft geolocalization api to retrace where a windows laptop has been

Jul 2011

Tracking users that block cookies with a http redirect

Tracking users that block cookies with a http redirect

Jul 2011

The failure of noise-based non-continuous audio captchas

The failure of noise-based non-continuous audio captchas

S&P 2011

Five surprising captcha schemes

Five surprising captcha schemes

Mar 2011

Identifying internet explorer user with a smb query

Identifying internet explorer user with a smb query

Aug 2010

An analysis of private browsing modes in modern browsers

An analysis of private browsing modes in modern browsers

Usenix Security 2010

Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks

Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks

WOOT 2010

Webseclab security education workbench

Webseclab security education workbench

CEST 2010

Bad memories

Bad memories

Black Hat & Defcon 2010

The emergence of cross channel scripting

The emergence of cross channel scripting

CACM 2010

Busting frame busting a study of clickjacking vulnerabilities on popular sites

Busting frame busting a study of clickjacking vulnerabilities on popular sites

W2SP 2010

How good are humans at solving captchas a large scale evaluation

How good are humans at solving captchas a large scale evaluation

S&P 2010

State of the art automated black-box web application vulnerability testing

State of the art automated black-box web application vulnerability testing

S&P 2010

Trackback spam abuse and prevention

Trackback spam abuse and prevention

CCSW 2009

Xcs cross channel scripting and its impact on web applications

Xcs cross channel scripting and its impact on web applications

CCS 2009

Decaptcha breaking 75% of ebay audio captchas

Decaptcha breaking 75% of ebay audio captchas

WOOT 2009

Embedded management interfaces emerging massive insecurity

Embedded management interfaces emerging massive insecurity

Black Hat 2009