Christian Mainka

Tenured IT Security Researcher


I am a tenured researcher at the faculty of computer science at Ruhr University Bochum. With over a decade of experience in web and data security research, my work has been presented at top-tier academic and industry conferences. I have published 31 peer-reviewed papers, including 11 at top-tier conferences in my field and 3 awarded papers.

I have filed numerous CVEs in widely used applications and libraries.  I am the originator of the penetration test tools WS-Attacker and the Single Sign-On Burpsuite Extension EsPReSSO, which have proven valuable in the industry. My PhD research focused on XML-based web services and Single Sign-On protocols, such as OAuth and OpenID Connect and SAML. Since then, I have expanded my research to explore the robustness of digital systems, with a particular focus on document security. My current work involves investigating cryptographic failures related to document signatures and encryption using fault injection. I am also engaged in researching browser security, with a specific focus on security and privacy issues resulting from SOP bypasses, including XS-Leaks. In 2018, I got a permanent research position at the Chair for Network and Datasecurity and continue to explore innovative solutions to the challenges of cybersecurity.

open position

I am looking for a PhD Candidate (100% TVL-E13) working on PDF Security. Contact me via mail.


Jun 14, 2024 The Faculty of Computer Science awarded the lecture Message-Level Security with the Excellent Teaching Award.

selected publications

  1. CCS
    XSinator.Com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
    Lukas Knittel, Christian Mainka, Marcus Niemietz, Dominik Noß, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, Seoul, South Korea (Virtual Conference), accepted papers: 196/879 = 22%, Nov 2021
  2. CCS
    1 Trillion Dollar Refund: How To Spoof PDF Signatures
    Vladislav Mladenov, Christian Mainka,  Karsten Meyer zu Selhausen, Martin Grothe, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019
  3. Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
    Simon Rohlmann, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In USENIX Security Symposium, Boston, MA, USA, accepted papers: 256/1492 = 17%, Aug 2022