1. Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

2. Katana : Dual Slicing Based Context for Learning Bug Fixes;ACM Transactions on Software Engineering and Methodology;2023-05-27

3. Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions;2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P);2022-06

4. Quantifying permissiveness of access control policies;Proceedings of the 44th International Conference on Software Engineering;2022-05-21

5. Automatic repair of OWASP Top 10 security vulnerabilities;Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops;2020-06-27