Security & Trust

Andrea Bisegna

Andrea Bisegna Collaborator

Publications

2021

  • Andrea Bisegna, Roberto Carbone, Silvio Ranise
    Integrating a Pentesting Tool for IdM Protocols in a Continuous Delivery Pipeline
    In: 4th International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2021) (DOI)

2020

  • Andrea Bisegna, Roberto Carbone, Mariano Ceccato, Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi, Emanuele Viglianisi
    Automated Assistance to the Security Assessment of API for Financial Services
    In: Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures (DOI)
  • Andrea Bisegna, Roberto Carbone, Giulio Pellizzari, Silvio Ranise
    Micro-Id-Gym: a Flexible Tool for Pentesting Identity Management Protocols in the Wild and in the Laboratory
    In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI)
  • Sergio Manuel Nóbrega Gonçalves, Alessandro Tomasi, Andrea Bisegna, Giulio Pellizzari, Silvio Ranise
    Verifiable Contracting: A Use Case for Onboarding and Contract Offering in Financial Services with eIDAS and Verifiable Credentials
    In: 25th European Symposium on Research in Computer Security (DETIPS2020) (DOI)

2019

  • Andrea Bisegna, Roberto Carbone, Ivan Martini, Valentina Odorizzi, Giulio Pellizzari, Silvio Ranise
    Micro-Id-Gym: Identity Management Workouts with Container-Based Microservices
    In: International Journal of Information Security and Cybercrime (IJISP), Volume 8, Issue 1 (DOI)

Projects

Former

Dissemination

2021

  • March 11, 2021 • Specialized
    Andrea Bisegna, Roberto Carbone, Marco Pernpruner, Silvio Ranise
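    Scenari, approcci, esperienze di strong authentication pre e post direttiva PSD2 [Scenarios, approaches and experiences of strong authentication before and after the PSD2 directive]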
    Tech Talk (DedaGroup)

Supervised Theses

2023

  • Luigi Dell'Eva (Bachelor's Thesis, University of Trento, 2023)
    Chatting is Healthy: How Better Cybersecurity Hygiene can be Obtained by Integrating Chatbots with Pentesting Tools
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Alessandro Biasi (Bachelor's Thesis, University of Trento, 2023)
    Syntax and Semantics of a Declarative Language for Security Testing of Browser-based Security Protocols
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone

2022

  • Matteo Bitussi (Bachelor's Thesis, University of Trento, 2022)
    Declarative Specification of Pentesting Strategies for Browser-based Security Protocols: the Case Studies of SAML and OAuth/OIDC
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Eleonora Marchesini (Master's Thesis, University of Trento, 2022)
    Design and Implementation of a Cybersecurity Chatbot for Identity Management Protocols: the SAML and Slack Use Case
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Sofia Zanrosso (Bachelor's Thesis, University of Trento, 2022)
    Enlarging the Pen-Test Coverage of SAML Single Sign-On Solutions with Cyber Threat Intelligence
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Michele Zucchelli (Bachelor's Thesis, University of Trento, 2022)
    Pimp My Micro-Id-Gym: Enhancing the Automation and Usability of a Security Testing Tool for Digital Identity Protocol
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Giuseppe Alessio Sciumè (Bachelor's Thesis, University of Trento, 2022)
    A Comprehensive Analysis of the OAuth 2.0 Threat Model to Develop a Chatbot Providing Actionable Security Suggestions
    Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Andrea Bisegna

2021

  • Wendy Barreto (Bachelor's Thesis, University of Trento, 2021)
    Design and implementation of an attack pattern language for the automated pentesting of OAuth/OIDC deployments
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Luca Bazzanella (Bachelor's Thesis, University of Trento, 2021)
    Analysis of the State of the Art of DevSecOps: The Gitlab case study
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Francesco Defilippo (Bachelor's Thesis, University of Trento, 2021)
    Attack Patterns for Pentesting SAML 2.0 Web Browser Single Sign-On deployments
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone

2020

  • Stefano Facchini (Bachelor's Thesis, University of Trento, 2020)
    Design and implementation of an automated tool for checking SAML SSO vulnerabilities and SPID compliance
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Giulio Pellizzari (Master's Thesis, University of Trento, 2020)
    Micro-Id-Gym: A Tool to Support Sandboxing and Automated Pentesting of Identity Management Protocols
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Claudio Grisenti (Bachelor's Thesis, University of Trento, 2020)
    A pentesting tool for OAuth and OIDC deployments
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone

2019

  • Lorenzo Tait (Bachelor's Thesis, University of Trento, 2019)
    A Customized Threat Modeling for Secure Deployment And Pentesting of SAML SSO Solutions
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone

2018

  • Valentina Odorizzi (Bachelor's Thesis, University of Trento, 2018)
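    Progettazione e sviluppo di uno strumento per l'analisi automatica di vulnerabilità "Missing XML Validation" in SAML SSO [Design and development of a tool for the automated analysis of "Missing XML Validation" vulnerabilities in SAML SSO]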
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Ivan Martini (Bachelor's Thesis, University of Trento, 2018)
    An automated security testing framework for SAML SSO deployments
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
  • Giulio Pellizzari (Bachelor's Thesis, University of Trento, 2018)
    Design and implementation of a tool to detect Login Cross-Site Request Forgery in SAML SSO: G Suite case study
    Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone