Christian Mainka

IT Security Researcher

I am an IT security professor at the University of Wuppertal, where I lead the group ROSES (Robust, Secure and Privacy-Preserving Smart Systems). Also, I am one of the founders of Hackmanit, a freelancer, organizer of RuhrSec, hiker, cyclist, and handball player.

With almost two decades of experience in web and data security research, my work was presented at top-tier academic and industry conferences. I have published 32 peer-reviewed papers, including 12 at top-tier conferences in my field and 3 awarded papers.

I have filed numerous CVEs in widely used applications and libraries. I am the originator of the penetration test tools WS-Attacker and the Single Sign-On Burpsuite Extension EsPReSSO, which have proven valuable in the industry. My PhD research focused on XML-based web services and Single Sign-On protocols, such as OAuth, OpenID Connect, and SAML. Since then, I have expanded my research to explore the robustness of digital systems, with a particular focus on document security. My current work involves investigating cryptographic failures related to document signatures and encryption using fault injection. I am also engaged in researching browser security, with a specific focus on security and privacy issues resulting from SOP bypasses, including XS-Leaks. In 2018, I got a permanent research position at the Chair for Network and Datasecurity led by Prof. Jörg Schwenk. In May 2025, I joined the University of Wuppertal and continue to explore innovative solutions to the challenges of cybersecurity.

open position

I am looking for a PhD candidate (100% TVL-E13) to work with me on topics around web and data security. Contact me via mail if you would like to work in our team on practical IT security topics.

news

May 05, 2025 I joined the University of Wuppertal.

selected publications

  1. CCS
    XSinator.Com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
    Lukas Knittel, Christian Mainka, Marcus Niemietz, Dominik Noß, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, Seoul, South Korea (Virtual Conference), accepted papers: 196/879 = 22%, Nov 2021
  2. CCS
    1 Trillion Dollar Refund: How To Spoof PDF Signatures
    Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019
  3. Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
    Simon Rohlmann, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In USENIX Security Symposium, Boston, MA, USA, accepted papers: 256/1492 = 17%, Aug 2022