The threat of offensive AI to organizations
AI has provided us with the ability to automate tasks, extract information from vast amounts of
data, and synthesize media that is nearly indistinguishable from the real thing. However …
Cross-site scripting (XSS) attacks and mitigation: A survey
The results of the Cisco 2018 Annual Security Report show that all analyzed web
applications have at least one vulnerability. It also shows that web attacks are becoming …
Automating cookie consent and GDPR violation detection
The European Union's General Data Protection Regulation (GDPR) requires websites to
inform users about personal data collection and request consent for cookies. Yet the majority …
Content security problems? Evaluating the effectiveness of content security policy in the wild
Content Security Policy (CSP) is an emerging W3C standard introduced to mitigate the
impact of content injection vulnerabilities on websites. We perform a systematic, large-scale …
Mitch: A machine learning approach to the black-box detection of CSRF vulnerabilities
Cross-Site Request Forgery (CSRF) is one of the oldest and simplest attacks on the Web, yet
it is still effective on many websites and it can lead to severe consequences, such as …
Semantics-based analysis of content security policy deployment
Content Security Policy (CSP) is a recent W3C standard introduced to prevent and mitigate
the impact of content injection vulnerabilities on websites. In this article, we introduce a …
Formal methods for web security
In the last few years, many security researchers proposed to endow the web platform with
more rigorous foundations, thus allowing for a precise reasoning on web security issues …
Postcards from the post-HTTP world: Amplification of HTTPS vulnerabilities in the web ecosystem
HTTPS aims at securing communication over the Web by providing a cryptographic
protection layer that ensures the confidentiality and integrity of communication and enables …
A longitudinal study on web-sites password management (in)security: Evidence and remedies
S Raponi, R Di Pietro - IEEE Access, 2020 - ieeexplore.ieee.org
Single-factor password-based authentication is generally the norm to access on-line Web-sites.
While single-factor authentication is well known to be a weak form of authentication, a …
Machine learning for web vulnerability detection: the case of cross-site request forgery
We propose a methodology to leverage machine learning (ML) for the detection of web
application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black …