Publications

My Google Scholar profile is available here.

Conference Publications

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing
William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, Manuel Egele
Network and Distributed Systems Security Symposium (NDSS)
San Diego, USA, February 2020
Paper. Blog post about the paper. Bibtex. Slides.
Acceptance rate: 17.4%, 88/506

Ex-Ray: Detection of History-Leaking Browser Extensions
Michael Weissbacher, Enrico Mariconti, Guillermo Suarez-Tangil, Gianluca Stringhini, William Robertson, Engin Kirda
Annual Computer Security Applications Conference (ACSAC)
San Juan, Puerto Rico, December 2017
Paper. Blog post about the paper. Bibtex. Slides.
Acceptance rate: 19.7%, 48/244

Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna
ACM Conference on Computer and Communications Security (CCS)
Dallas, Texas, USA, October 2017
Paper. Blog post about the paper. Bibtex.
Acceptance rate: 17.9%, 151/843

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Michael Weissbacher, William Robertson, Engin Kirda, Christopher Kruegel, Giovanni Vigna
USENIX Security Symposium (USENIX)
Washington DC, USA, August 2015
Paper. Bibtex. Slides.
Acceptance rate: 15.7%, 67/426

BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications
Ahmet Talha Ozcan, Can Gemicioglu, Kaan Onarlioglu, Michael Weissbacher, Collin Mulliner, William Robertson, Engin Kirda
Financial Cryptography and Data Security (FC)
Isla Verde, Puerto Rico, January 2015
Paper. Bibtex. Slides.
Acceptance rate: 25%, 23/92

Why is CSP Failing? Trends and Challenges in CSP Adoption
Michael Weissbacher, Tobias Lauinger, William Robertson
International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Gothenburg, Sweden, September 2014
Paper. Blog post about the paper. Bibtex. Slides.
Acceptance rate: 19.4%, 22/113

Workshop Publications

Go or No Go: Differential Fuzzing of Native and C Libraries
Alessandro Sorniotti, Michael Weissbacher, Anil Kurmus
Workshop on Offensive Technologies (WOOT)
San Francisco, USA, May 2023
Paper. Blog post about the paper. Bibtex. Slides.
Acceptance rate: 55.2%, 16/29

Journals

HotFuzz: Discovering Temporal and Spatial Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing
William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, Manuel Egele
ACM Transactions on Privacy and Security
Volume 25, Issue 4, Article No. 33, pp. 1–35
USA, November 2022
Paper. Blog post about the paper. Bibtex.

Theses

Measurement and Detection of Security Properties of Client-Side Web Applications
PhD Thesis. Boston, Massachusetts, April 2018
Paper.

ZigZag - Hardening Web Applications against CSV Attacks
Master's Thesis. Vienna, Austria, August 2014
Paper.

Searching in Anubis Reports
Technical Report (Bachelor's Thesis). Vienna, Austria, December 2011
Paper. Anubis project website (archived).

Community Service

Talks

Building a Secure Foundation
Michael Weissbacher
Invited Lecture in Language-Based Security, Chalmers University, Gothenburg, Sweden, May 2023
Details.

Bridging Security Infrastructure Between the Data Center and AWS Lambda
Michael Weissbacher
Splunk Tech Talk, virtual, October 2021

Bridging Security Infrastructure Between the Data Center and AWS Lambda
Michael Weissbacher
Black Hat USA, Las Vegas, NV, USA, August 2021
Details. Video recording.

Ex-Ray: Detection of History-Leaking Browser Extensions
Michael Weissbacher
Federal Trade Commission PrivacyCon, Washington D.C., D.C., USA, February 2018

Ex-Ray: Finding Browser Extensions That Spy on Your Browsing Habits
Michael Weissbacher
OWASP Boston Application Security Conference (BASC), Burlington, MA, USA, October 2017

Content Security Policy. How to Reap Benefits and Avoid Pitfalls
Michael Weissbacher
Paperlesspost, New York, NY, USA, November 2015

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Michael Weissbacher
Seminar On practical Security (SOS), Boston University, Boston, MA, USA, August 2015

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Michael Weissbacher
Office of Naval Research (ONR) meeting, Penn State ARL, Reston, VA, USA, June 2015

Why is CSP Failing? Trends and Challenges in CSP Adoption
Michael Weissbacher
OWASP Boston Application Security Conference (BASC), Cambridge, MA, USA, October 2014

Why is CSP Failing? Trends and Challenges in CSP Adoption
Michael Weissbacher
EURECOM Seminars, Antibes, France, September 2014

Books / Chapters

Solving the Bottom Turtle - a SPIFFE Way to Establish Trust in Your Infrastructure via Universal Identity
Contributed to chapter Practitioners' Stories
Daniel Feldman, Emily Fox, Evan Gilman, Ian Haken, Frederick Kautz, Umair Khan, Max Lambrecht, Brandon Lum, Agustín Martínez Fayó, Eli Nesterov, Andrés Vega, Michael Wardrop
Sprint Lab, New Zealand, 2020
ISBN: 9780578777375
Book website

Press