Content security problems? evaluating the effectiveness of content security policy in the wild S Calzavara, A Rabitti, M Bugliesi Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications …, 2016 | 81 | 2016 |
Semantics-based analysis of content security policy deployment S Calzavara, A Rabitti, M Bugliesi ACM Transactions on the Web (TWEB) 12 (2), 1-36, 2018 | 58 | 2018 |
Mitch: A machine learning approach to the black-box detection of CSRF vulnerabilities S Calzavara, M Conti, R Focardi, A Rabitti, G Tolomei 2019 IEEE European Symposium on Security and Privacy (EuroS&P), 528-543, 2019 | 54 | 2019 |
Postcards from the post-http world: Amplification of https vulnerabilities in the web ecosystem S Calzavara, R Focardi, M Nemec, A Rabitti, M Squarcina 2019 IEEE Symposium on Security and Privacy (SP), 281-298, 2019 | 44 | 2019 |
A tale of two headers: a formal analysis of inconsistent Click-Jacking protection on the web S Calzavara, S Roth, A Rabitti, M Backes, B Stock 29th USENIX Security Symposium (USENIX Security 20), 683-697, 2020 | 34 | 2020 |
Testing for integrity flaws in web sessions S Calzavara, A Rabitti, A Ragazzo, M Bugliesi Computer Security–ESORICS 2019: 24th European Symposium on Research in …, 2019 | 27 | 2019 |
The Security Lottery: Measuring Client-Side Web Security Inconsistencies S Roth, S Calzavara, M Wilhelm, A Rabitti, B Stock 31st USENIX Security Symposium (USENIX Security 22), 2047-2064, 2022 | 25 | 2022 |
Machine learning for web vulnerability detection: the case of cross-site request forgery S Calzavara, M Conti, R Focardi, A Rabitti, G Tolomei IEEE Security & Privacy 18 (3), 8-16, 2020 | 23 | 2020 |
Sub-session hijacking on the web: Root causes and prevention S Calzavara, A Rabitti, M Bugliesi Journal of Computer Security 27 (2), 233-257, 2019 | 21 | 2019 |
CCSP: Controlled Relaxation of Content Security Policies by Runtime Policy Composition S Calzavara, A Rabitti, M Bugliesi 26th USENIX Security Symposium (USENIX Security 17), 695-712, 2017 | 16 | 2017 |
Compositional typed analysis of ARBAC policies S Calzavara, A Rabitti, M Bugliesi 2015 IEEE 28th Computer Security Foundations Symposium, 33-45, 2015 | 10 | 2015 |
Measuring web session security at scale S Calzavara, H Jonker, B Krumnow, A Rabitti Computers & Security 111, 102472, 2021 | 8 | 2021 |
Dr Cookie and Mr Token-Web Session Implementations and How to Live with Them. S Calzavara, A Rabitti, M Bugliesi ITASEC, 2018 | 6 | 2018 |
Static detection of collusion attacks in ARBAC-based workflow systems S Calzavara, A Rabitti, E Steffinlongo, M Bugliesi 2016 IEEE 29th Computer Security Foundations Symposium (CSF), 458-470, 2016 | 6 | 2016 |
You call this archaeology? evaluating web archives for reproducible web security measurements F Hantke, S Calzavara, M Wilhelm, A Rabitti, B Stock Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications …, 2023 | 4 | 2023 |
Formal verification of Liferay RBAC S Calzavara, A Rabitti, M Bugliesi Engineering Secure Software and Systems: 7th International Symposium, ESSoS …, 2015 | 3 | 2015 |
A hard lesson: Assessing the HTTPS deployment of Italian university websites S Calzavara, R Focardi, A Rabitti, L Soligo CEUR WORKSHOP PROCEEDINGS 2597, 93-104, 2020 | 2 | 2020 |
Semantically sound analysis of content security policies S Calzavara, A Rabitti, M Bugliesi Formal Techniques for Distributed Objects, Components, and Systems: 39th …, 2019 | 1 | 2019 |
Cryptographic Web Applications: from Security Engineering to Formal Analysis M Bugliesi, S Calzavara, A Rabitti Handbook of Formal Analysis and Verification in Cryptography, 275-318, 2023 | | 2023 |
Content Security Policy: A Broken Promise? S Calzavara, A Rabitti, M Bugliesi | | |