talks

publicly available videos

You can find some publicly available recordings of talks that I gave below.

My research has also been presented on the following first class industry conferences:

Below you can find a selection of talks that I held in the past decade. I gave talks all over the world on academic conferences, on industrie conferences, and invited talks on special purposes.

2023

  1. Every Signature Is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk
    USENIX Security Symposium, Anaheim, CA, USA, accepted papers: 419/1444 = 29%. Aug 2023

2022

  1. SCI ACNS
    Hey... It’s a PDF. What Can Go Wrong?
    Christian Mainka, and Vladislav Mladenov
    Workshop on Secure Cryptographic Implementation (SCI) In Conjunction with ACNS 2022, Rome, Italy. Jun 2022
  2. Nachgehackt
    Der Podcast zu IT Security: Cyberwar
    Nachgehackt
    Aug 2022
  3. Web Security: OAuth and OpenID Connect
    Christian Mainka
    Padaborn University, Germany. Jun 2022

2021

  1. Shadow Attacks: Hiding and Replacing Content in Signed PDFs
    Christian Mainka, Vladislav Mladenov, and Simon Rohlmann
    Network and Distributed System Security Symposium, Virtual Conference, accepted papers: 87/573 = 15%. Feb 2021
  2. Web Security: OAuth and OpenID Connect
    Christian Mainka
    Padaborn University, Germany. Jun 2021

2019

  1. OWASP
    How to Break PDF Security
    Christian Mainka, and Jens Müller
    German OWASP Day, Karlsruhe, Germany. Dec 2019
  2. 2019_csaw.jpg
    CCS
    1 Trillion Dollar Refund: How To Spoof PDF Signatures
    Vladislav Mladenov, Christian Mainka, Karsten Selhausen, Martin Grothe, and Jörg Schwenk
    ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%. Nov 2019

2017

  1. SoK: Single Sign-On Security – An Evaluation of OpenID Connect
    Christian Mainka, Vladislav Mladenov, Tobias Wich, and Jörg Schwenk
    European Symposium on Security and Privacy (Euro S&P), Parice, France, accepted papers: 38/194 = 20%. Apr 2017

2016

  1. XML
    From DTD to XXE - An Evaluation of XML-Parsers
    Christian Mainka, and Christopher Späth
    XML Amsterdam, Amsterdam, Netherlands. Nov 2016
  2. OWASP
    From DTD to XXE - An Evaluation of XML-Parsers
    Christian Mainka, and Christopher Späth
    OWASP AppSec EU, Rome, Italy. Jun 2016
  3. PhD Thesis
    On Message-Level Security
    Christian Mainka
    Dec 2016
  4. Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-On
    Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%. Dec 2016
  5. OWASP
    Systematically Breaking and Fixing OpenID Connect
    Christian Mainka, and Vladislav Mladenov
    OWASP AppSec EU, Rome, Italy. Jun 2016

2015

  1. QASA
    AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services
    Christian Altmeier, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    International Workshop on Quantitative Aspects of Security Assurance (QASA), Vienna, Austria. Sep 2015
  2. WOOT
    How to Break XML Encryption – Automatically
    Dennis Kupser, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    USENIX Workshop on Offensive Technologies (WOOT), Washington, D.C., USA, accepted papers: 20/57 = 35%. Aug 2015
  3. IETF
    Attacks on OAuth and OpenID Connect
    Christian Mainka, and Vladislav Mladenov
    IETF OAuth Working Group Security Meeting, Darmstadt, Germany. Dec 2015

2013

  1. CAST
    Automatisierte Sicherheitsanalyse von XML-basierten Schnittstellen
    Christian Mainka, and Vladislav Mladenov
    Competence Center for Applied Security Technology, CAST e.V., Darmstadt. Jun 2013
  2. SSK
    Best Practices Für Webservices
    Christian Mainka
    2. Stralsunder Sicherheitskonferenz, Stralsund. Jul 2013
  3. OWASP
    WS-Attacker: An OpenSource Penetration Testing Framework
    Christian Mainka, and Juraj Somorovsky
    OWASP AppSec Europe, Hamburg. Aug 2013
  4. MyPHD
    XML-Security in Webservices and Single-Sign On
    Christian Mainka
    MyPHD, Hamburg. Sep 2013

2012

  1. IBM
    Aktuelle Forschungsergebnisse zur Netzwerk-Security mit SOAP- und XML- Web Services
    Christian Mainka, and Juraj Somorovsky
    IBM Frankfurt, Frankfurt, Germany. Nov 2012
  2. OWASP
    On Breaking SAML: Be Whoever You Want to Be
    Christian Mainka, and Juraj Somorovsky
    German OWASP Day, Munich, Germany. Nov 2012
  3. Penetration Testing Tool for Web Services Security
    Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    World Congress on Services (SERVICES), Honolulu, HI, USA. Jun 2012
  4. FSCC
    XSpRES: Robust and Effective XML Signatures for Web Services
    Christian Mainka
    2. Fachgespräch Sicherheit Für Cloud Computing, Paderborn, Germany. Jun 2012
  5. CLOSER
    XSpRES: Robust and Effective XML Signatures for Web Services
    Christian Mainka, Meiko Jensen, Luigi Lo Iacono, and Jörg Schwenk
    International Conference on Cloud Computing and Services Science (CLOSER), Porto, Portugal, accepted papers: 15/145 = 10%. Apr 2012