I am a tenured researcher at the faculty of computer science at Ruhr University Bochum. With over a decade of experience in web and data security research, my work has been presented at top-tier academic and industry conferences. I have published 30 peer-reviewed papers, including 11 at top-tier conferences in my field and 3 awarded papers.
I have filed numerous CVEs in widely used applications and libraries. I am the originator of the penetration test tools WS-Attacker and the Single Sign-On Burp Suite extension EsPReSSO, which have proven valuable in the industry. My PhD research focused on XML-based web services and Single Sign-On protocols, such as OAuth, OpenID Connect, and SAML. Since then, I have expanded my research to explore the robustness of digital systems, with a particular focus on document security. My current work involves investigating cryptographic failures related to document signatures and encryption using fault injection. I am also engaged in researching browser security, with a specific focus on security and privacy issues resulting from SOP bypasses, including XS-Leaks. In 2018, I got a permanent research position at the Chair for Network and Data Security and continue to explore innovative solutions to the challenges of cybersecurity.
- Web security
  - Browser security: Cross-Site Leaks, Same-Origin Policy
  - Web protocol security: Single Sign-On, OAuth, OpenID Connect, REST
- Data security
  - Document security: PDF, ODF, OOXML
  - Data format security: JSON, XML
- XSinator.Com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers. ACM SIGSAC Conference on Computer and Communications Security, Seoul, South Korea (Virtual Conference), accepted papers: 196/879 = 22%. Nov 2021
- 1 Trillion Dollar Refund: How To Spoof PDF Signatures. ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%. Nov 2019
- Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures. USENIX Security Symposium, Boston, MA, USA, accepted papers: 256/1492 = 17%. Aug 2022