Research Assistant — CISPA Helmholtz Center for Information Security
- + Conducted differential testing across Node.js, Deno, and Bun to surface JavaScript runtime security bugs.
- + Designed and built an automated Python pipeline to run test suites across runtimes and post-process results for vulnerability detection.
- + Reported and responsibly disclosed security bugs to runtime maintainers via GitHub Issues.
- + Built a proof-of-concept UI deception attack exploiting Progressive Web App manifests on V8-based browsers (HTML, CSS, JavaScript).
- + Developed an automated Playwright framework simulating user authentication flows in 2FA-based environments.