Publications

My Google Scholar profile is available here.

Conference Publications

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing
William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, Manuel Egele
Network and Distributed Systems Security Symposium (NDSS)
San Diego, USA, February 2020
Paper. Blog post about the paper. Bibtex. Slides.
Acceptance rate: 17.4%, 88/506

Ex-Ray: Detection of History-Leaking Browser Extensions
Michael Weissbacher, Enrico Mariconti, Guillermo Suarez-Tangil, Gianluca Stringhini, William Robertson, Engin Kirda
Annual Computer Security Applications Conference (ACSAC)
San Juan, Puerto Rico, December 2017
Paper. Blog post about the paper. Bibtex. Slides.
Acceptance rate: 19.7%, 48/244

Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna
ACM Conference on Computer and Communications Security (CCS)
Dallas, Texas, USA, October 2017
Paper. Blog post about the paper. Bibtex.
Acceptance rate: 17.9%, 151/843

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Michael Weissbacher, William Robertson, Engin Kirda, Christopher Kruegel, Giovanni Vigna
USENIX Security Symposium (USENIX)
Washington DC, USA, August 2015
Paper. Bibtex. Slides.
Acceptance rate: 15.7%, 67/426

BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications
Ahmet Talha Ozcan, Can Gemicioglu, Kaan Onarlioglu, Michael Weissbacher, Collin Mulliner, William Robertson, Engin Kirda.
Financial Cryptography and Data Security (FC)
Isla Verde, Puerto Rico, January 2015
Paper. Bibtex. Slides.
Acceptance rate: 25%, 23/92

Why is CSP Failing? Trends and Challenges in CSP Adoption
Michael Weissbacher, Tobias Lauinger, William Robertson
International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Gothenburg, Sweden, September 2014
Paper. Blog post about the paper. Bibtex. Slides.
Acceptance rate: 19.4%, 22/113

Theses

Measurement and Detection of Security Properties of Client-Side Web Applications
PhD Thesis. Boston, Massachusetts, April 2018
Paper.

ZigZag - Hardening Web Applications against CSV Attacks
Masters Thesis. Vienna, Austria, August 2014
Paper.

Searching in Anubis Reports
Technical Report (Bachelors Thesis). Vienna, Austria, December 2011
Paper. Anubis project website (archived).

Community Service

Talks

Ex-Ray: Detection of History-Leaking Browser Extensions
Michael Weissbacher
Federal Trade Commission PrivacyCon, Washington D.C., D.C., USA, February 2018

Ex-Ray: Finding Browser Extensions That Spy on Your Browsing Habits
Michael Weissbacher
OWASP Boston Application Security Conference (BASC), Burlington, MA, USA, October 2017

Content Security Policy. How to Reap Benefits and Avoid Pitfalls
Michael Weissbacher
Paperlesspost, New York, NY, USA, November 2015

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Michael Weissbacher
Seminar On practical Security (SOS), Boston University, Boston, MA, USA, August 2015

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Michael Weissbacher
Office of Naval Research (ONR) meeting, Penn State ARL, Reston, VA, USA, June 2015

Why is CSP Failing? Trends and Challenges in CSP Adoption
Michael Weissbacher
OWASP Boston Application Security Conference (BASC), Cambridge, MA, USA, October 2014

Why is CSP Failing? Trends and Challenges in CSP Adoption
Michael Weissbacher
EURECOM Seminars, Antibes, France, September 2014

Press