
Avinash Sudhodanan

PhD Student
Short bio

Avinash Sudhodanan is a final-year PhD student at the University of Trento and a Junior Researcher at the Security & Trust Unit of Fondazione Bruno Kessler (FBK). He is pursuing an industrial doctorate in the context of the SECENTIS project. The topic of his PhD is "Automatic Security Testing of Browser-Based Security Protocols". His research is jointly supervised by Alessandro Armando (FBK), Roberto Carbone (FBK) and Luca Compagna (SAP Labs France). He received his Master's in Cyber Security (graduated in 2013) and Bachelor's in Computer Science and Engineering (graduated in 2011) from Amrita Vishwa Vidyapeetham University, India. He has spoken at various top security conferences such as NDSS, OWASP AppSec Europe and IEEE Euro S&P. His research has led to the discovery of many serious security vulnerabilities in top web sites. He has also received bug bounties and/or honorable mentions from Microsoft, Yahoo, Pinterest, Open SAP, etc.

Research interests
Web Security; Automated Analysis of Security Protocols; Black-Box Security Testing; Logical Vulnerabilities in Security Protocols; Cross-Site Request Forgery
Publications

Papers

  1. Avinash Sudhodanan, Alessandro Armando, Roberto Carbone, and Luca Compagna, Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications, in Network & Distributed System Security Symposium (NDSS), February 2016. (acceptance rate: 15.4%) [Bibtex, PDF, Slides]
  2. Avinash Sudhodanan, Nicolas Dolgin, Umberto Morelli, Roberto Carbone, Luca Compagna and Alessandro Armando, Large-Scale Analysis & Detection of Authentication Cross-Site Request Forgeries, in IEEE European Symposium on Security and Privacy (EuroS&P), April 2017. (acceptance rate: 19.5%)

Talks

  1. Avinash Sudhodanan, Alessandro Armando, Roberto Carbone, and Luca Compagna, Attack Patterns for Black-Box Detection of Logical Vulnerabilities in Multi-Party Web Applications, in OWASP AppSec Europe, June 2016 [Slides, Video]

Posters

  1. Avinash Sudhodanan and Luca Compagna, Black-box Security Testing of Cross-Domain Web Apps, Developer Faire Booth in SAP DKOM Karlsruhe (January 2016) and SAP DKOM Silicon Valley (February 2016)