I am a third-year PhD student at Stony Brook University working in R. Sekar's Secure Systems Laboratory. My main area of interest is Web Security. You can read more details on my Research page. Stony Brook students interested in a CSE593/523 project in Web Security can look at the Projects page.
I am primarily interested in Web Security. Specifically, my research has so far been focused on securing users from vulnerabilities such as XSS, CSRF and HPP, which exploit web application bugs to attack the user instead of the application itself. The XSS filter I developed for Firefox and my recent publication fall into this category.
I have also developed an XSS scanner that I will attempt to publish and/or release in the upcoming months, along with tools that allow an attacker to use search engines to discover new vulnerable sites, which I am hoping to publish as well (though I probably won't release the actual code).
Currently, I am trying to widen my research interests by getting involved with privacy issues related to behavioral advertisement and Mashup policies for Web 2.0 applications. Unfortunately, it seems that there are only 24 hours in a day...
My thesis topic has not been decided yet, and therefore these topics might change over time.
Hello MS students! Yes, we can work together! Since I am constantly opening up more research avenues than I can handle, I am always looking for help from capable MS students. Technically, you would be advised by Prof. Sekar, but in practice I handle Web Security projects by myself. He and my labmates might be in need of MS students as well for their own research interests, so check with them if Web Security is not your thing.
What to expect when taking a CSE593/523 with me:
Riccardo Pelizzi, R. Sekar. A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications. In Annual Computer Security Applications Conference (ACSAC 2011), December 2011. [PDF] [SLIDES] [CODE]
Riccardo Pelizzi, R. Sekar. Protection, Usability and Improvements in Reflected XSS Filters. In ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012), May 2012. [PDF] [SLIDES]