talks

publicly available videos

You can find some publicly available recordings of talks that I gave below.

My research has also been presented on the following first class industry conferences:

Below you can find a selection of talks that I held in the past decade. I gave talks all over the world on academic conferences, on industrie conferences, and invited talks on special purposes.

2023

  1. Every Signature Is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk
    In USENIX Security Symposium , Anaheim, CA, USA, accepted papers: 419/1444 = 29%, Aug 2023

2022

  1. SCI ACNS
    Hey... It’s a PDF. What Can Go Wrong?
    Christian Mainka, and Vladislav Mladenov
    In Workshop on Secure Cryptographic Implementation (SCI) In Conjunction with ACNS 2022 , Rome, Italy, Jun 2022
  2. Nachgehackt
    Der Podcast zu IT Security: Cyberwar
    Nachgehackt
    Aug 2022
  3. UPB
    Web Security: OAuth and OpenID Connect
    Christian Mainka
    In Padaborn University , Germany, Jun 2022

2021

  1. Shadow Attacks: Hiding and Replacing Content in Signed PDFs
    Christian Mainka, Vladislav Mladenov, and Simon Rohlmann
    In Network and Distributed System Security Symposium , Virtual Conference, accepted papers: 87/573 = 15%, Feb 2021
  2. UPB
    Web Security: OAuth and OpenID Connect
    Christian Mainka
    In Padaborn University , Germany, Jun 2021

2019

  1. OWASP
    How to Break PDF Security
    Christian Mainka, and Jens Müller
    In German OWASP Day , Karlsruhe, Germany, Dec 2019
  2. CCS
    2019_csaw.jpg
    1 Trillion Dollar Refund: How To Spoof PDF Signatures
    Vladislav Mladenov, Christian Mainka,  Karsten Meyer zu Selhausen, Martin Grothe, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security , London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019

2017

  1. SoK: Single Sign-On Security – An Evaluation of OpenID Connect
    Christian Mainka, Vladislav Mladenov, Tobias Wich, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P) , Parice, France, accepted papers: 38/194 = 20%, Apr 2017

2016

  1. XML
    From DTD to XXE - An Evaluation of XML-Parsers
    Christian Mainka, and Christopher Späth
    In XML Amsterdam , Amsterdam, Netherlands, Nov 2016
  2. OWASP
    From DTD to XXE - An Evaluation of XML-Parsers
    Christian Mainka, and Christopher Späth
    In OWASP AppSec EU , Rome, Italy, Jun 2016
  3. PhD Thesis
    On Message-Level Security
    Christian Mainka
    Dec 2016
  4. Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-On
    Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P) , Saarbrücken, Germany, accepted papers: 29/169 = 17%, Dec 2016
  5. OWASP
    Systematically Breaking and Fixing OpenID Connect
    Christian Mainka, and Vladislav Mladenov
    In OWASP AppSec EU , Rome, Italy, Jun 2016

2015

  1. QASA
    AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services
    Christian Altmeier, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In International Workshop on Quantitative Aspects of Security Assurance (QASA) , Vienna, Austria, Sep 2015
  2. WOOT
    How to Break XML Encryption – Automatically
    Dennis Kupser, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT) , Washington, D.C., USA, accepted papers: 20/57 = 35%, Aug 2015
  3. IETF
    Attacks on OAuth and OpenID Connect
    Christian Mainka, and Vladislav Mladenov
    In IETF OAuth Working Group Security Meeting , Darmstadt, Germany, Dec 2015

2013

  1. CAST
    Automatisierte Sicherheitsanalyse von XML-basierten Schnittstellen
    Christian Mainka, and Vladislav Mladenov
    In Competence Center for Applied Security Technology, CAST e.V. , Darmstadt, Jun 2013
  2. SSK
    Best Practices Für Webservices
    Christian Mainka
    In 2. Stralsunder Sicherheitskonferenz , Stralsund, Jul 2013
  3. OWASP
    WS-Attacker: An OpenSource Penetration Testing Framework
    Christian Mainka, and Juraj Somorovsky
    In OWASP AppSec Europe , Hamburg, Aug 2013
  4. MyPHD
    XML-Security in Webservices and Single-Sign On
    Christian Mainka
    In MyPHD , Hamburg, Sep 2013

2012

  1. IBM
    Aktuelle Forschungsergebnisse zur Netzwerk-Security mit SOAP- und XML- Web Services
    Christian Mainka, and Juraj Somorovsky
    In IBM Frankfurt , Frankfurt, Germany, Nov 2012
  2. OWASP
    On Breaking SAML: Be Whoever You Want to Be
    Christian Mainka, and Juraj Somorovsky
    In German OWASP Day , Munich, Germany, Nov 2012
  3. Penetration Testing Tool for Web Services Security
    Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In World Congress on Services (SERVICES) , Honolulu, HI, USA, Jun 2012
  4. FSCC
    XSpRES: Robust and Effective XML Signatures for Web Services
    Christian Mainka
    In 2. Fachgespräch Sicherheit Für Cloud Computing , Paderborn, Germany, Jun 2012
  5. CLOSER
    XSpRES: Robust and Effective XML Signatures for Web Services
    Christian Mainka, Meiko Jensen, Luigi Lo Iacono, and Jörg Schwenk
    In International Conference on Cloud Computing and Services Science (CLOSER) , Porto, Portugal, accepted papers: 15/145 = 10%, Apr 2012