talks

publicly available videos

You can find some publicly available recordings of talks that I gave below.

My research has also been presented on the following first class industry conferences:

Below you can find a selection of talks that I held in the past decade. I gave talks all over the world on academic conferences, on industrie conferences, and invited talks on special purposes.

2023

  1. Every Signature Is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk
    In USENIX Security Symposium, Anaheim, CA, USA, accepted papers: 419/1444 = 29%, Aug 2023

2022

  1. Nachgehackt
    Der Podcast zu IT Security: Cyberwar
    Nachgehackt
    Aug 2022
  2. SCI ACNS
    Hey... It’s a PDF. What Can Go Wrong?
    Christian Mainka, and Vladislav Mladenov
    In Workshop on Secure Cryptographic Implementation (SCI) In Conjunction with ACNS 2022, Rome, Italy, Jun 2022
  3. UPB
    Web Security: OAuth and OpenID Connect
    Christian Mainka
    In Padaborn University, Germany, Jun 2022

2021

  1. Shadow Attacks: Hiding and Replacing Content in Signed PDFs
    Christian Mainka, Vladislav Mladenov, and Simon Rohlmann
    In Network and Distributed System Security Symposium, Virtual Conference, accepted papers: 87/573 = 15%, Feb 2021
  2. UPB
    Web Security: OAuth and OpenID Connect
    Christian Mainka
    In Padaborn University, Germany, Jun 2021

2019

  1. CCS
    2019_csaw.jpg
    1 Trillion Dollar Refund: How To Spoof PDF Signatures
    Vladislav Mladenov, Christian Mainka,  Karsten Meyer zu Selhausen, Martin Grothe, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019
  2. OWASP
    How to Break PDF Security
    Christian Mainka, and Jens Müller
    In German OWASP Day, Karlsruhe, Germany, Dec 2019

2017

  1. SoK: Single Sign-On Security – An Evaluation of OpenID Connect
    Christian Mainka, Vladislav Mladenov, Tobias Wich, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P), Parice, France, accepted papers: 38/194 = 20%, Apr 2017

2016

  1. Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-On
    Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Apr 2016
  2. PhD Thesis
    On Message-Level Security
    Christian Mainka
    Dec 2016
  3. OWASP
    Systematically Breaking and Fixing OpenID Connect
    Christian Mainka, and Vladislav Mladenov
    In OWASP AppSec EU, Rome, Italy, Jun 2016
  4. OWASP
    From DTD to XXE - An Evaluation of XML-Parsers
    Christian Mainka, and Christopher Späth
    In OWASP AppSec EU, Rome, Italy, Jun 2016
  5. XML
    From DTD to XXE - An Evaluation of XML-Parsers
    Christian Mainka, and Christopher Späth
    In XML Amsterdam, Amsterdam, Netherlands, Nov 2016

2015

  1. QASA
    AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services
    Christian Altmeier, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In International Workshop on Quantitative Aspects of Security Assurance (QASA), Vienna, Austria, Sep 2015
  2. WOOT
    How to Break XML Encryption – Automatically
    Dennis Kupser, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT), Washington, D.C., USA, accepted papers: 20/57 = 35%, Aug 2015
  3. IETF
    Attacks on OAuth and OpenID Connect
    Christian Mainka, and Vladislav Mladenov
    In IETF OAuth Working Group Security Meeting, Darmstadt, Germany, Dec 2015

2013

  1. CAST
    Automatisierte Sicherheitsanalyse von XML-basierten Schnittstellen
    Christian Mainka, and Vladislav Mladenov
    In Competence Center for Applied Security Technology, CAST e.V., Darmstadt, Jun 2013
  2. SSK
    Best Practices Für Webservices
    Christian Mainka
    In 2. Stralsunder Sicherheitskonferenz, Stralsund, Jul 2013
  3. OWASP
    WS-Attacker: An OpenSource Penetration Testing Framework
    Christian Mainka, and Juraj Somorovsky
    In OWASP AppSec Europe, Hamburg, Aug 2013
  4. MyPHD
    XML-Security in Webservices and Single-Sign On
    Christian Mainka
    In MyPHD, Hamburg, Sep 2013

2012

  1. Penetration Testing Tool for Web Services Security
    Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In World Congress on Services (SERVICES), Honolulu, HI, USA, Jun 2012
  2. CLOSER
    XSpRES: Robust and Effective XML Signatures for Web Services
    Christian Mainka, Meiko Jensen, Luigi Lo Iacono, and Jörg Schwenk
    In International Conference on Cloud Computing and Services Science (CLOSER), Porto, Portugal, accepted papers: 15/145 = 10%, Apr 2012
  3. IBM
    Aktuelle Forschungsergebnisse zur Netzwerk-Security mit SOAP- und XML- Web Services
    Christian Mainka, and Juraj Somorovsky
    In IBM Frankfurt, Frankfurt, Germany, Nov 2012
  4. OWASP
    On Breaking SAML: Be Whoever You Want to Be
    Christian Mainka, and Juraj Somorovsky
    In German OWASP Day, Munich, Germany, Nov 2012
  5. FSCC
    XSpRES: Robust and Effective XML Signatures for Web Services
    Christian Mainka
    In 2. Fachgespräch Sicherheit Für Cloud Computing, Paderborn, Germany, Jun 2012