default search action
Martin Johns
Person information
- affiliation: TU Braunschweig, Institute for Application Security, Germany
Refine list
refinements active!
zoomed in on ?? of ?? records
view refined list in
export refined list as
showing all ?? records
2020 – today
- 2024
- [j13]Soumaya Boussaha, Lukas Hock, Miguel Bermejo, Rubén Cuevas Rumín, Ángel Cuevas Rumín, David Klein, Martin Johns, Luca Compagna, Daniele Antonioli, Thomas Barber:
FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Entropy-based Thresholds. Proc. Priv. Enhancing Technol. 2024(3): 540-560 (2024) - [j12]Robin Kirchner
, Simon Koch
A Black-Box Privacy Analysis of Messaging Service Providers' Chat Message Processing. Proc. Priv. Enhancing Technol. 2024(3): 674-691 (2024) - [c62]Joana M. Warnecke, Christian Baumgartner, Michael H. Breitner, Dominique F. Briechle, Thomas M. Deserno, Maximilian Heumann, Martin Johns, Alexander Picker, Andreas Rausch, Lars C. Wolf:
Continuous Health Monitoring on Shared Mobility Devices: A Health-eScooter Prototype. HICSS 2024: 3485-3494 - [c61]David Klein, Martin Johns:
Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials. SP 2024: 203-221 - [c60]Robin Kirchner, Jonas Möller, Marius Musch, David Klein, Konrad Rieck, Martin Johns:
Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting. USENIX Security Symposium 2024 - [c59]Malte Wessels, Simon Koch, Giancarlo Pellegrino, Martin Johns:
SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications. USENIX Security Symposium 2024 - 2023
- [c58]David Klein
General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications. CCS 2023: 3343-3357 - [c57]Simon Koch
Poster: The Risk of Insufficient Isolation of Database Transactions in Web Applications. CCS 2023: 3576-3578 - [c56]Samuel Groß, Simon Koch, Lukas Bernhard, Thorsten Holz, Martin Johns:
FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities. NDSS 2023 - [c55]Simon Koch, Benjamin Altpeter, Martin Johns:
The OK Is Not Enough: A Large Scale Study of Consent Dialogs in Smartphone Applications. USENIX Security Symposium 2023: 5467-5484 - 2022
- [j11]Simon Koch
Keeping Privacy Labels Honest. Proc. Priv. Enhancing Technol. 2022(4): 486-506 (2022) - [c54]David Klein
Accept All Exploits: Exploring the Security Impact of Cookie Banners. ACSAC 2022: 911-922 - [c53]Marius Musch
Server-Side Browsers: Exploring the Web's Hidden Attack Surface. AsiaCCS 2022: 1168-1181 - [c52]David Klein
Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions. EuroS&P 2022: 236-250 - [c51]Manuel Karl, Marius Musch, Guoli Ma, Martin Johns
No keys to the kingdom required: a comprehensive investigation of missing authentication vulnerabilities in the wild. IMC 2022: 619-632 - 2021
- [j10]Alexandra Dirksen, David Klein
LogPicker: Strengthening Certificate Transparency Against Covert Adversaries. Proc. Priv. Enhancing Technol. 2021(4): 184-202 (2021) - [c50]Souphiane Bensalim, David Klein
Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis. EuroSec@EuroSys 2021: 27-33 - [c49]Marius Steffens, Marius Musch, Martin Johns, Ben Stock:
Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI. NDSS 2021 - [c48]Marius Musch, Martin Johns:
U Can't Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild. USENIX Security Symposium 2021: 2935-2950 - 2020
- [c47]Martin Johns
Towards Enabling Secure Web-Based Cloud Services using Client-Side Encryption. CCSW 2020: 67-76 - [c46]Simon Koch
Raccoon: automated verification of guarded race conditions in web applications. SAC 2020: 1678-1687 - [c45]Florian D. Loch, Martin Johns, Martin Hecker, Martin Mohr, Gregor Snelting:
Hybrid taint analysis for Java EE. SAC 2020: 1716-1725 - [c44]Erwin Quiring, David Klein, Daniel Arp, Martin Johns, Konrad Rieck:
Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning. USENIX Security Symposium 2020: 1363-1380
2010 – 2019
- 2019
- [c43]Marius Musch, Christian Wressnegger, Martin Johns
Thieves in the Browser: Web-based Cryptojacking in the Wild. ARES 2019: 4:1-4:10 - [c42]Marius Musch, Marius Steffens, Sebastian Roth
ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices. AsiaCCS 2019: 391-402 - [c41]Marius Musch, Christian Wressnegger, Martin Johns
New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild. DIMVA 2019: 23-42 - [c40]Marius Steffens, Christian Rossow, Martin Johns, Ben Stock:
Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild. NDSS 2019 - 2018
- [c39]Marius Musch, Martin Härterich, Martin Johns
Towards an Automatic Generation of Low-Interaction Web Application Honeypots. ARES 2018: 27:1-27:6 - [i7]Marius Musch, Christian Wressnegger, Martin Johns, Konrad Rieck:
Web-based Cryptojacking in the Wild. CoRR abs/1808.09474 (2018) - [i6]Martin Johns, Nick Nikiforakis, Melanie Volkamer, John Wilander:
Web Application Security (Dagstuhl Seminar 18321). Dagstuhl Reports 8(8): 1-17 (2018) - 2017
- [c38]Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß, Eduardo A. Vela Nava, Martin Johns
Code-Reuse Attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets. CCS 2017: 1709-1723 - [c37]Giancarlo Pellegrino, Martin Johns
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs. CCS 2017: 1757-1771 - [c36]Ben Stock, Martin Johns, Marius Steffens, Michael Backes:
How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security. USENIX Security Symposium 2017: 971-987 - [i5]Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow:
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs. CoRR abs/1708.08786 (2017) - 2016
- [j9]Michael Felderer, Matthias Büchler, Martin Johns
Security Testing: A Survey. Adv. Comput. 101: 1-51 (2016) - [j8]Ben Stock, Martin Johns:
Client-Side XSS in Theorie und Praxis. Datenschutz und Datensicherheit 40(11): 707-712 (2016) - [c35]Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes:
POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications. CCS 2016: 1787-1789 - [c34]Willem De Groef, Deepak Subramanian, Martin Johns
Ensuring endpoint authenticity in WebRTC peer-to-peer communication. SAC 2016: 2103-2110 - [c33]Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes:
Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification. USENIX Security Symposium 2016: 1015-1032 - 2015
- [c32]Ben Stock
From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting. CCS 2015: 1419-1430 - [c31]Bastian Braun, Korbinian Pauli, Joachim Posegga, Martin Johns
LogSec: adaptive protection for the wild wild web. SAC 2015: 2149-2156 - [c30]Sebastian Lekies, Ben Stock, Martin Wentzel, Martin Johns:
The Unexpected Dangers of Dynamic JavaScript. USENIX Security Symposium 2015: 723-735 - 2014
- [b2]Philippe De Ryck, Lieven Desmet, Frank Piessens, Martin Johns:
Primer on Client-Side Web Security. Springer Briefs in Computer Science, Springer 2014, ISBN 978-3-319-12225-0, pp. 1-111 - [j7]Lieven Desmet
Real-Time Communications Security on the Web. IEEE Internet Comput. 18(6): 8-10 (2014) - [j6]Martin Johns
Script-templates for the Content Security Policy. J. Inf. Secur. Appl. 19(3): 209-223 (2014) - [j5]Lieven Desmet
Preface. J. Comput. Secur. 22(4): 467-468 (2014) - [c29]Ben Stock
Protecting users against XSS-based password manager abuse. AsiaCCS 2014: 183-194 - [c28]Bastian Braun, Martin Johns
PhishSafe: leveraging modern JavaScript API's for transparent and robust protection. CODASPY 2014: 61-72 - [c27]Bastian Braun, Johannes Köstler, Joachim Posegga, Martin Johns
A Trusted UI for the Mobile Web. SEC 2014: 127-141 - [c26]Ben Stock, Sebastian Lekies, Martin Johns:
DOM-basiertes Cross-Site Scripting im Web: Reise in ein unerforschtes Land. Sicherheit 2014: 53-64 - [c25]Ben Stock, Sebastian Lekies, Tobias Mueller, Patrick Spiegel, Martin Johns:
Precise Client-side Protection against DOM-based Cross-Site Scripting. USENIX Security Symposium 2014: 655-670 - 2013
- [c24]Sebastian Lekies, Ben Stock
25 million flows later: large-scale detection of DOM-based XSS. CCS 2013: 1193-1204 - [c23]Martin Johns
PreparedJS: Secure Script-Templates for JavaScript. DIMVA 2013: 102-121 - [c22]Martin Johns
Tamper-Resistant LikeJacking Protection. RAID 2013: 265-285 - [c21]Martin Johns, Sebastian Lekies, Ben Stock:
Eradicating DNS Rebinding with the Extended Same-origin Policy. USENIX Security Symposium 2013: 621-636 - 2012
- [j4]Martin Johns:
HTML5-Security - Sicherer Umgang mit den neuen JavaScript APIs. Datenschutz und Datensicherheit 36(4): 231-235 (2012) - [c20]Martin Johns
BetterAuth: web authentication revisited. ACSAC 2012: 169-178 - [c19]Sebastian Lekies, Nick Nikiforakis, Walter Tighzert, Frank Piessens, Martin Johns
DEMACRO: Defense against Malicious Cross-Domain Requests. RAID 2012: 254-273 - [c18]Sebastian Lekies, Walter Tighzert, Martin Johns:
Towards stateless, client-side driven Cross-Site Request Forgery protection for Web applications. Sicherheit 2012: 111-121 - [c17]Bastian Braun, Stefan Kucher, Martin Johns
A User-Level Authentication Scheme to Mitigate Web Session-Based Vulnerabilities. TrustBus 2012: 17-29 - [c16]Martin Johns
WebSand: Server-Driven Outbound Web-Application Sandboxing. TrustBus 2012: 216-217 - [i4]Lieven Desmet
Web Application Security (Dagstuhl Seminar 12401). Dagstuhl Reports 2(10): 1-37 (2012) - 2011
- [b1]Martin Johns:
Code Injection Vulnerabilities in Web Applications: Exemplified at Cross-site Scripting. University of Passau, 2011 - [j3]Martin Johns
Code-injection Vulnerabilities in Web Applications - Exemplified at Cross-site Scripting. it Inf. Technol. 53(5): 256- (2011) - [c15]Marek Jawurek, Martin Johns
Smart metering de-pseudonymization. ACSAC 2011: 227-236 - [c14]Martin Johns
Biting the Hand That Serves You: A Closer Look at Client-Side Flash Proxies for Cross-Domain Requests. DIMVA 2011: 85-103 - [c13]Nick Nikiforakis, Wannes Meert
SessionShield: Lightweight Protection against Session Hijacking. ESSoS 2011: 87-100 - [c12]Nick Nikiforakis, Wouter Joosen, Martin Johns
Abusing locality in shared web hosting. EUROSEC 2011: 2 - [c11]Martin Johns
Scanstud: A Methodology for Systematic, Fine-Grained Evaluation of Static Analysis Tools. ICST Workshops 2011: 523-530 - [c10]Marek Jawurek, Martin Johns
Plug-In Privacy for Smart Metering Billing. PETS 2011: 192-210 - [c9]Martin Johns
Reliable protection against session fixation attacks. SAC 2011: 1531-1537 - [r1]Martin Johns:
Session Hijacking Attacks. Encyclopedia of Cryptography and Security (2nd Ed.) 2011: 1189-1190 - 2010
- [c8]Martin Johns
Secure Code Generation for Web Applications. ESSoS 2010: 96-113 - [c7]Marek Jawurek, Martin Johns
Security Challenges of a Changing Energy Landscape. ISSE 2010: 249-259 - [c6]Michael Schrank, Bastian Braun, Martin Johns, Joachim Posegga:
Session Fixation - The Forgotten Vulnerability? Sicherheit 2010: 341-352 - [i3]Marek Jawurek, Martin Johns, Florian Kerschbaum:
Plug-in privacy for Smart Metering billing. CoRR abs/1012.2248 (2010)
2000 – 2009
- 2009
- [p1]Martin Johns:
Code-injection Verwundbarkeit in Web Anwendungen am Beispiel von Cross-site Scripting. Ausgezeichnete Informatikdissertationen 2009: 111-120 - [e1]Dan Boneh, Úlfar Erlingsson, Martin Johns, Benjamin Livshits:
Web Application Security, 29.03. - 03.04.2009. Dagstuhl Seminar Proceedings 09141, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, Germany 2009 [contents] - [i2]Dan Boneh, Úlfar Erlingsson, Martin Johns, Benjamin Livshits:
09141 Abstracts Collection - Web Application Security. Web Application Security 2009 - [i1]Dan Boneh, Úlfar Erlingsson, Martin Johns, Benjamin Livshits:
09141 Executive Summary - Web Application Security. Web Application Security 2009 - 2008
- [j2]Martin Johns
On JavaScript Malware and related threats. J. Comput. Virol. 4(3): 161-178 (2008) - [c5]Martin Johns
XSSDS: Server-Side Detection of Cross-Site Scripting Attacks. ACSAC 2008: 335-344 - 2007
- [j1]Martin Johns, Daniel Schreckling:
Automatisierter Code-Audit - Sicherheitsanalyse von Source Code in Theorie und Praxis. Datenschutz und Datensicherheit 31(12): 888-893 (2007) - [c4]Martin Johns
Protecting the Intranet Against "JavaScript Malware" and Related Attacks. DIMVA 2007: 40-59 - [c3]Martin Johns
SMask: preventing injection attacks in web applications by approximating automatic data/code separation. SAC 2007: 284-291 - 2006
- [c2]Martin Johns
SessionSafe: Implementing XSS Immune Session Handling. ESORICS 2006: 444-460 - 2003
- [c1]Martin Johns:
Pseudonyme Biometrik: Ein signatur-basierter Ansatz. BIOSIG 2003: 113-120
Coauthor Index
manage site settings
To protect your privacy, all features that rely on external API calls from your browser are turned off by default. You need to opt-in for them to become active. All settings here will be stored as cookies with your web browser. For more information see our F.A.Q.
Unpaywalled article links
Add open access links from to the list of external document links (if available).
Privacy notice: By enabling the option above, your browser will contact the API of unpaywall.org to load hyperlinks to open access articles. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data. So please proceed with care and consider checking the Unpaywall privacy policy.
Archived links via Wayback Machine
For web page which are no longer available, try to retrieve content from the of the Internet Archive (if available).
Privacy notice: By enabling the option above, your browser will contact the API of archive.org to check for archived content of web pages that are no longer available. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data. So please proceed with care and consider checking the Internet Archive privacy policy.
Reference lists
Add a list of references from ,
, and
to record detail pages.
load references from crossref.org and opencitations.net
Privacy notice: By enabling the option above, your browser will contact the APIs of crossref.org, opencitations.net, and semanticscholar.org to load article reference information. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data. So please proceed with care and consider checking the Crossref privacy policy and the OpenCitations privacy policy, as well as the AI2 Privacy Policy covering Semantic Scholar.
Citation data
Add a list of citing articles from and
to record detail pages.
load citations from opencitations.net
Privacy notice: By enabling the option above, your browser will contact the API of opencitations.net and semanticscholar.org to load citation information. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data. So please proceed with care and consider checking the OpenCitations privacy policy as well as the AI2 Privacy Policy covering Semantic Scholar.
OpenAlex data
Load additional information about publications from .
Privacy notice: By enabling the option above, your browser will contact the API of openalex.org to load additional information. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data. So please proceed with care and consider checking the information given by OpenAlex.
last updated on 2024-10-07 21:25 CEST by the dblp team
all metadata released as open data under CC0 1.0 license
see also: Terms of Use | Privacy Policy | Imprint
dblp was originally created in 1993 at:
since 2018, dblp has been operated and maintained by:
the dblp computer science bibliography is funded and supported by: