Homepage Lieven Desmet
Who am I ?
I'm the Research Manager on Secure Software in the DistriNet Research Group at the Katholieke Universiteit Leuven (Belgium), where I outline and implement the research strategy, coach junior researchers in (web) application security, and participate in dissemination and valorisation activities.
My main research interests are in (web) application security and software verification. I'm also involved in the Open Web Application Security Project (OWASP) as a board member of the Belgium OWASP Chapter.
CsFire: CSRF protection in FireFox
CsFire autonomously protects you against dangerous or malicious cross-domain requests, such as Cross-Site Request Forgery (CSRF). CSRF is very prevalent and dangerous, as stated by the OWASP top 10, as well as the CWE/SANS top 25 programming errors.
- Steven Van Acker, Nick Nikiforakis, Lieven Desmet, Wouter Joosen, Frank Piessens, FlashOver: Automated discovery of cross-site scripting vulnerabilities in rich internet applications, AsiaCCS, Seoul, 2-4 May 2012
- Gabriela Gheorghe, Bruno Crispo, Roberto Carbone, Lieven Desmet, Wouter Joosen, Deploy, adjust and readjust: Supporting dynamic reconfiguration of policy enforcement, ACM/IFIP/USENIX 12th International Middleware Conference, volume 7049, Lisboa, Portugal, 12-16 December 2011
- Steven Van Acker, Philippe De Ryck, Lieven Desmet, Frank Piessens, Wouter Joosen, WebJail: Least-privilege integration of third-party components in web mashups, Proceedings of the 27th Annual Computer Security Applications Conference, volume 1, issue 1, pages 307-316, Orlando, Florida, USA, 5-9 December 2011
- Philippe De Ryck, Lieven Desmet, Wouter Joosen, Frank Piessens, Automatic and precise client-side protection against CSRF attacks, European Symposium on Research in Computer Security (ESORICS 2011), Lecture Notes in Computer Science, volume 6879, pages 100-116, Leuven, Belgium, 12-14 September 2011
- Philippe De Ryck, Lieven Desmet, Pieter Philippaerts, Frank Piessens, A security analysis of next generation web standards, Technical Report, European Network and Information Security Agency (ENISA), 31 July 2011
- Philippe De Ryck, Lieven Desmet, Thomas Heyman, Frank Piessens, Wouter Joosen, CsFire: Transparent client-side mitigation of malicious cross-domain requests, Lecture Notes in Computer Science, volume 5965, pages 18-34, Pisa, Italy, 3-4 February 2010.
- Lieven Desmet, Pierre Verbaeten, Wouter Joosen, and Frank Piessens, Provable Protection against Web Application Vulnerabilities Related to Session Data Dependencies, IEEE Transactions on Software Engineering, vol. 34, no. 1, pp. 50-64, Jan., 2008.