Martin Johns

Proceedings of the IEEE Symposium on Security and Privacy, 2024

Don't Patch the Researcher, Patch the Game: A Systematic Approach for Responsible Research via Federated Ethics Boards.

[BibT_eX]

[DOI]

Proceedings of the New Security Paradigms Workshop, 2024

Continuous Health Monitoring on Shared Mobility Devices: A Health-eScooter Prototype.

[BibT_eX]

[DOI]

Joana M. Warnecke

Christian Baumgartner

Michael H. Breitner

Dominique F. Briechle

Proceedings of the 57th Hawaii International Conference on System Sciences, 2024

2023

The OK Is Not Enough: A Large Scale Study of Consent Dialogs in Smartphone Applications.

[BibT_eX]

[DOI]

Simon Koch

Benjamin Altpeter

Proceedings of the 32nd USENIX Security Symposium, 2023

FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities.

[BibT_eX]

[DOI]

Proceedings of the 30th Annual Network and Distributed System Security Symposium, 2023

Poster: The Risk of Insufficient Isolation of Database Transactions in Web Applications.

[BibT_eX]

[DOI]

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications.

[BibT_eX]

[DOI]

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022

Keeping Privacy Labels Honest.

[BibT_eX]

[DOI]

Proc. Priv. Enhancing Technol., 2022

No keys to the kingdom required: a comprehensive investigation of missing authentication vulnerabilities in the wild.

[BibT_eX]

[DOI]

Proceedings of the 22nd ACM Internet Measurement Conference, 2022

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions.

[BibT_eX]

[DOI]

Proceedings of the 7th IEEE European Symposium on Security and Privacy, 2022

Server-Side Browsers: Exploring the Web's Hidden Attack Surface.

[BibT_eX]

[DOI]

Proceedings of the ASIA CCS '22: ACM Asia Conference on Computer and Communications Security, Nagasaki, Japan, 30 May 2022, 2022

Accept All Exploits: Exploring the Security Impact of Cookie Banners.

[BibT_eX]

[DOI]

Proceedings of the Annual Computer Security Applications Conference, 2022

2021

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries.

[BibT_eX]

[DOI]

Proc. Priv. Enhancing Technol., 2021

U Can't Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild.

[BibT_eX]

[DOI]

Proceedings of the 30th USENIX Security Symposium, 2021

Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI.

[BibT_eX]

[DOI]

Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021

Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis.

[BibT_eX]

[DOI]

Proceedings of the EuroSec '21: Proceedings of the 14th European Workshop on Systems Security, 2021

2020

Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning.

[BibT_eX]

[DOI]

Proceedings of the 29th USENIX Security Symposium, 2020

Hybrid taint analysis for Java EE.

[BibT_eX]

[DOI]

Proceedings of the SAC '20: The 35th ACM/SIGAPP Symposium on Applied Computing, online event, [Brno, Czech Republic], March 30, 2020

Raccoon: automated verification of guarded race conditions in web applications.

[BibT_eX]

[DOI]

Proceedings of the SAC '20: The 35th ACM/SIGAPP Symposium on Applied Computing, online event, [Brno, Czech Republic], March 30, 2020

Towards Enabling Secure Web-Based Cloud Services using Client-Side Encryption.

[BibT_eX]

[DOI]

Alexandra Dirksen

Proceedings of the CCSW'20, 2020

2019

Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.

[BibT_eX]

[DOI]

Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild.

[BibT_eX]

[DOI]

Christian Wressnegger

Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2019

ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices.

[BibT_eX]

[DOI]

Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 2019

Thieves in the Browser: Web-based Cryptojacking in the Wild.

[BibT_eX]

[DOI]

Christian Wressnegger

Proceedings of the 14th International Conference on Availability, Reliability and Security, 2019

2018

Web Application Security (Dagstuhl Seminar 18321).

[BibT_eX]

[DOI]

Dagstuhl Reports, 2018

Web-based Cryptojacking in the Wild.

[BibT_eX]

[DOI]

Christian Wressnegger

CoRR, 2018

Towards an Automatic Generation of Low-Interaction Web Application Honeypots.

[BibT_eX]

[DOI]

Martin Härterich

Proceedings of the 13th International Conference on Availability, Reliability and Security, 2018

2017

How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security.

[BibT_eX]

[DOI]

Proceedings of the 26th USENIX Security Symposium, 2017

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs.

[BibT_eX]

[DOI]

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

Code-Reuse Attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets.

[BibT_eX]

[DOI]

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

2016

Client-Side XSS in Theorie und Praxis.

[BibT_eX]

[DOI]

Datenschutz und Datensicherheit, 2016

Security Testing: A Survey.

[BibT_eX]

[DOI]

Adv. Comput., 2016

Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification.

[BibT_eX]

[DOI]

Proceedings of the 25th USENIX Security Symposium, 2016

Ensuring endpoint authenticity in WebRTC peer-to-peer communication.

[BibT_eX]

[DOI]

Proceedings of the 31st Annual ACM Symposium on Applied Computing, 2016

POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications.

[BibT_eX]

[DOI]

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

2015

The Unexpected Dangers of Dynamic JavaScript.

[BibT_eX]

[DOI]

Proceedings of the 24th USENIX Security Symposium, 2015

LogSec: adaptive protection for the wild wild web.

[BibT_eX]

[DOI]

Proceedings of the 30th Annual ACM Symposium on Applied Computing, 2015

From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting.

[BibT_eX]

[DOI]

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

2014

Primer on Client-Side Web Security

[BibT_eX]

[DOI]

Springer Briefs in Computer Science, Springer, ISBN: 978-3-319-12226-7, 2014

Preface.

[BibT_eX]

[DOI]

J. Comput. Secur., 2014

Script-templates for the Content Security Policy.

[BibT_eX]

[DOI]

J. Inf. Secur. Appl., 2014

Real-Time Communications Security on the Web.

[BibT_eX]

[DOI]

Lieven Desmet

IEEE Internet Comput., 2014

Precise Client-side Protection against DOM-based Cross-Site Scripting.

[BibT_eX]

[DOI]

Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

DOM-basiertes Cross-Site Scripting im Web: Reise in ein unerforschtes Land.

[BibT_eX]

[DOI]

Proceedings of the Sicherheit 2014: Sicherheit, 2014

A Trusted UI for the Mobile Web.

[BibT_eX]

[DOI]

Proceedings of the ICT Systems Security and Privacy Protection, 2014

PhishSafe: leveraging modern JavaScript API's for transparent and robust protection.

[BibT_eX]

[DOI]

Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy, 2014

Protecting users against XSS-based password manager abuse.

[BibT_eX]

[DOI]

Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

2013

Eradicating DNS Rebinding with the Extended Same-origin Policy.

[BibT_eX]

[DOI]

Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, 2013

Tamper-Resistant LikeJacking Protection.

[BibT_eX]

[DOI]

Proceedings of the Research in Attacks, Intrusions, and Defenses, 2013

PreparedJS: Secure Script-Templates for JavaScript.

[BibT_eX]

[DOI]

Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2013

25 million flows later: large-scale detection of DOM-based XSS.

[BibT_eX]

[DOI]

Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

2012

HTML5-Security - Sicherer Umgang mit den neuen JavaScript APIs.

[BibT_eX]

[DOI]

Datenschutz und Datensicherheit, 2012

Web Application Security (Dagstuhl Seminar 12401).

[BibT_eX]

[DOI]

Dagstuhl Reports, 2012

WebSand: Server-Driven Outbound Web-Application Sandboxing.

[BibT_eX]

[DOI]

Joachim Posegga

Proceedings of the Trust, Privacy and Security in Digital Business, 2012

A User-Level Authentication Scheme to Mitigate Web Session-Based Vulnerabilities.

[BibT_eX]

[DOI]

Proceedings of the Trust, Privacy and Security in Digital Business, 2012

Towards stateless, client-side driven Cross-Site Request Forgery protection for Web applications.

[BibT_eX]

[DOI]

Walter Tighzert

Proceedings of the Sicherheit 2012: Sicherheit, 2012

DEMACRO: Defense against Malicious Cross-Domain Requests.

[BibT_eX]

[DOI]

Proceedings of the Research in Attacks, Intrusions, and Defenses, 2012

BetterAuth: web authentication revisited.

[BibT_eX]

[DOI]

Proceedings of the 28th Annual Computer Security Applications Conference, 2012

2011

Session Hijacking Attacks.

[BibT_eX]

[DOI]

Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

Code Injection Vulnerabilities in Web Applications: Exemplified at Cross-site Scripting.

[BibT_eX]

[DOI]

PhD thesis, 2011

Code-injection Vulnerabilities in Web Applications - Exemplified at Cross-site Scripting.

[BibT_eX]

[DOI]

it Inf. Technol., 2011

Reliable protection against session fixation attacks.

[BibT_eX]

[DOI]

Proceedings of the 2011 ACM Symposium on Applied Computing (SAC), TaiChung, Taiwan, March 21, 2011

Plug-In Privacy for Smart Metering Billing.

[BibT_eX]

[DOI]

Marek Jawurek

Florian Kerschbaum

Proceedings of the Privacy Enhancing Technologies - 11th International Symposium, 2011

Scanstud: A Methodology for Systematic, Fine-Grained Evaluation of Static Analysis Tools.

[BibT_eX]

[DOI]

Moritz Jodeit

Proceedings of the Fourth IEEE International Conference on Software Testing, 2011

Abusing locality in shared web hosting.

[BibT_eX]

[DOI]

Nick Nikiforakis

Wouter Joosen

Proceedings of the Fourth European Workshop on System Security, 2011

SessionShield: Lightweight Protection against Session Hijacking.

[BibT_eX]

[DOI]

Proceedings of the Engineering Secure Software and Systems - Third International Symposium, 2011

Biting the Hand That Serves You: A Closer Look at Client-Side Flash Proxies for Cross-Domain Requests.

[BibT_eX]

[DOI]

Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2011

Smart metering de-pseudonymization.

[BibT_eX]

[DOI]

Marek Jawurek

Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, 2011

2010

Session Fixation - The Forgotten Vulnerability?

[BibT_eX]

[DOI]

Proceedings of the Sicherheit 2010: Sicherheit, 2010

Security Challenges of a Changing Energy Landscape.

[BibT_eX]

[DOI]

Marek Jawurek

Proceedings of the ISSE 2010, 2010

Secure Code Generation for Web Applications.

[BibT_eX]

[DOI]

Proceedings of the Engineering Secure Software and Systems, Second International Symposium, 2010

2009

Code-injection Verwundbarkeit in Web Anwendungen am Beispiel von Cross-site Scripting.

[BibT_eX]

[DOI]

Proceedings of the Ausgezeichnete Informatikdissertationen 2009, 2009

09141 Executive Summary - Web Application Security.

[BibT_eX]

[DOI]

Proceedings of the Web Application Security, 29.03. - 03.04.2009, 2009

09141 Abstracts Collection - Web Application Security.

[BibT_eX]

[DOI]

Proceedings of the Web Application Security, 29.03. - 03.04.2009, 2009

2008

On JavaScript Malware and related threats.

[BibT_eX]

[DOI]

J. Comput. Virol., 2008

XSSDS: Server-Side Detection of Cross-Site Scripting Attacks.

[BibT_eX]

[DOI]

Björn Engelmann

Joachim Posegga

Proceedings of the Twenty-Fourth Annual Computer Security Applications Conference, 2008

2007

Automatisierter Code-Audit - Sicherheitsanalyse von Source Code in Theorie und Praxis.

[BibT_eX]

[DOI]

Daniel Schreckling

Datenschutz und Datensicherheit, 2007

SMask: preventing injection attacks in web applications by approximating automatic data/code separation.

[BibT_eX]

[DOI]

Christian Beyerlein

Proceedings of the 2007 ACM Symposium on Applied Computing (SAC), 2007

Protecting the Intranet Against "JavaScript Malware" and Related Attacks.

[BibT_eX]

[DOI]

Justus Winter

Proceedings of the Detection of Intrusions and Malware, 2007

2006

SessionSafe: Implementing XSS Immune Session Handling.

[BibT_eX]

[DOI]

Proceedings of the Computer Security, 2006

2003

Pseudonyme Biometrik: Ein signatur-basierter Ansatz.

[BibT_eX]

[DOI]