devdatta akhawe  beta


I received a PhD in Spring 2014 from the Computer Science division at UC Berkeley, where I was advised by Dawn Song. I am currently the head of security at Figma. Before that, I was at Dropbox where I worked on anti-abuse, account security, application and infrastructure security and sometimes blogged. My LinkedIn has more details of my professional experience. I am also an editor of the Sub Resource Integrity (friendlier introduction) and the Suborigins specifications.

During school, I interned at Mozilla, Microsoft (MSRC), Yahoo! Labs and Microsoft Research. I have a Bachelor's degree in Computer Science from BITS Pilani. On the web, you can find me on Twitter, GitHub, and LinkedIn. In my spare time, I volunteer at Asha for Education. Please consider donating! I also have a very hard to pronounce name, so most people prefer to call me Dev.

The best way to contact me is over email:


I am interested in security, reliability, and abuse of software. Most of my research has focussed on web applications and SaaS software.

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse
Kurt Thomas, Devdatta Akhawe, Michael Bailey, Dan Boneh, Elie Bursztein, Sunny Consolvo, Nicola Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, Gianluca Stringhini.
IEEE Symposium on Security and Privacy (IEEE S&P 2021).
Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet Browsers
M Freyberger, W He, D Akhawe, ML Mazurek, P Mittal
PETS 2018.
pASSWORD tYPOS and How to Correct Them Securely
Rahul Chatterjee, Anish Athalye, Devdatta Akhawe, Ari Juels, Thomas Ristenpart
37th IEEE Symposium on Security and Privacy, San Jose, CA 2016.
ShadowCrypt: Encrypted Web Applications for Everyone
Warren He, Devdatta Akhawe, Sumeet Jain, Elaine Shi, Dawn Song
21st ACM Conference on Computer and Communications Security, Scottsdale, 2014.
Clickjacking Revisited: A Perceptual View of UI Security
Devdatta Akhawe, Warren He, Zhiwei Li, Reza Moazzezi, Dawn Song
8th Usenix Workshop on Offensive Technologies, San Diego, 2014.
The Emperor's New Password Manager: Security Analysis of Web-based Password Managers
Zhiwei Li, Warren He, Devdatta Akhawe, Dawn Song
Usenix Security Symposium, San Diego, 2014.
Data-confined HTML5 Applications
Devdatta Akhawe, Frank Li, Warren He, Prateek Saxena, Dawn Song
European Symposium on Research in Computer Security (ESORICS), London, 2013.
Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness
Devdatta Akhawe, Adrienne Porter Felt
Usenix Security Symposium, Washington DC, 2013.
An Empirical Study of Vulnerability Rewards Programs
Matthew Finifter, Devdatta Akhawe, David Wagner
Usenix Security Symposium, Washington DC, 2013.
Here's My Cert, So Trust Me, Maybe? Understanding TLS Errors on the Web
Devdatta Akhawe, Johanna Amann, Matthias Vallentin, Robin Sommer
World Wide Web Conference (WWW), Rio de Janeiro, 2013.
How to Ask for Permission
Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, David Wagner
Hot Topics in Security (HotSec), Bellevue 2012.
Privilege Separation for HTML5 Applications
Devdatta Akhawe, Prateek Saxena, Dawn Song
21st Usenix Security Symposium, Bellevue 2012.
Product Labels for Mobile Application Markets
Devdatta Akhawe, Matthew Finifter
Mobile Security Technologies, San Francisco 2012.
A Systematic Analysis of XSS Sanitization in Web Application Frameworks
Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Dawn Song
16th European Symposium on Research in Computer Security (ESORICS), Leuven 2011.
Do You Know Where Your Data Are? Secure Data Capsules for Deployable Data Protection
Petros Maniatis, Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, Dawn Song
13th Workshop on Hot Topics in Operating Systems (HotOS), Napa 2011.
Towards a Formal Foundation of Web Security
Devdatta Akhawe, Adam Barth, Peifung Eric Lam, John Mitchell, Dawn Song
23rd IEEE Computer Security Foundations Symposium (CSF), Edinburgh 2010.
A Symbolic Execution Framework for JavaScript
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Feng Mao, Dawn Song
31st IEEE Symposium on Security and Privacy, Oakland 2010.
Winner of AT&T Best Applied Security Research Paper award at CSAW
The Emperor’s New API: On the (In)Secure Usage of New Client Side Primitives
Steve Hanna, Richard Shin, Devdatta Akhawe, Prateek Saxena, Arman Boehm, Dawn Song
4th Web 2.0 Security and Privacy Workshop, Oakland 2010.


I have been hacking on a simple tool to check for common errors in academic writing. If you use it, I would appreciate feedback/comments/patches.

I was czaring the Security Reading Group at Berkeley. Kevin is now in charge.

The Web Security model project I worked on is now open source.

Kaluza, a tool I worked on, is now available to play with online. During this work, I also wrote a tool to convert Perl compatible regular expressions to the Hampi string solver input format. It is now part of the Hampi codebase.