Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation.

[BibT_eX]

[DOI]

Xinyou Huang

Lei Zhang

Proceedings of the 34th USENIX Security Symposium, 2025

ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains.

[BibT_eX]

[DOI]

Proceedings of the 34th USENIX Security Symposium, 2025

Beyond Exploit Scanning: A Functional Change-Driven Approach to Remote Software Version Identification.

[BibT_eX]

[DOI]

Proceedings of the 34th USENIX Security Symposium, 2025

Misdirection of Trust: Demystifying the Abuse of Dedicated URL Shortening Service.

[BibT_eX]

[DOI]

Proceedings of the 32nd Annual Network and Distributed System Security Symposium, 2025

Exposing the Hidden Layer: Software Repositories in the Service of Seo Manipulation.

[BibT_eX]

[DOI]

Proceedings of the 47th IEEE/ACM International Conference on Software Engineering, 2025

2024

The Dark Forest: Understanding Security Risks of Cross-Party Delegated Resources in Mobile App-in-App Ecosystems.

[BibT_eX]

[DOI]

IEEE Trans. Inf. Forensics Secur., 2024

Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile Applications.

[BibT_eX]

[DOI]

Proc. ACM Softw. Eng., 2024

RecurScan: Detecting Recurring Vulnerabilities in PHP Web Applications.

[BibT_eX]

[DOI]

Proceedings of the ACM on Web Conference 2024, 2024

Efficient Detection of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction.

[BibT_eX]

[DOI]

Proceedings of the IEEE Symposium on Security and Privacy, 2024

2023

Understanding Privacy Over-collection in WeChat Sub-app Ecosystem.

[BibT_eX]

[DOI]

CoRR, 2023

TrustedDomain Compromise Attack in App-in-app Ecosystems.

[BibT_eX]

[DOI]

Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps, 2023

NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic.

[BibT_eX]

[DOI]

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022

Identity Confusion in WebView-based Mobile App-in-app Ecosystems.

[BibT_eX]

[DOI]

Proceedings of the 31st USENIX Security Symposium, 2022

Exploit the Last Straw That Breaks Android Systems.

[BibT_eX]

[DOI]

Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

2020

TextExerciser: Feedback-driven Text Input Exercising for Android Applications.

[BibT_eX]

[DOI]

Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

2019

App in the Middle: Demystify Application Virtualization in Android and its Security Threats.

[BibT_eX]

[DOI]

Proceedings of the Abstracts of the 2019 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems, 2019

UR: A User-Based Collaborative Filtering Recommendation System Based on Trust Mechanism and Time Weighting.

[BibT_eX]

[DOI]

Proceedings of the 25th IEEE International Conference on Parallel and Distributed Systems, 2019

2018

Invetter: Locating Insecure Input Validations in Android Services.

[BibT_eX]

[DOI]

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World.

[BibT_eX]

[DOI]

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

2016

A survey of privacy protection techniques for mobile devices.

[BibT_eX]

[DOI]

J. Commun. Inf. Networks, 2016

Lei Zhang

Timeline

Legend:

Links

Online presence:

On csauthors.net:

Bibliography

Loading...