Ben Stock

Proceedings of the 32nd USENIX Security Symposium, 2023

The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web.

[BibT_eX]

[DOI]

Jannis Rautenstrauch

Giancarlo Pellegrino

Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

Honey, I Cached our Security Tokens Re-usage of Security Tokens in the Wild.

[BibT_eX]

[DOI]

Leon Trampert

Sebastian Roth

Proceedings of the 26th International Symposium on Research in Attacks, 2023

DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing.

[BibT_eX]

[DOI]

Proceedings of the 30th Annual Network and Distributed System Security Symposium, 2023

You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements.

[BibT_eX]

[DOI]

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022

The Security Lottery: Measuring Client-Side Web Security Inconsistencies.

[BibT_eX]

[DOI]

Proceedings of the 31st USENIX Security Symposium, 2022

To hash or not to hash: A security assessment of CSP's unsafe-hashes expression.

[BibT_eX]

[DOI]

Peter Stolz

Sebastian Roth

Proceedings of the 43rd IEEE Security and Privacy, 2022

HTML violations and where to find them: a longitudinal analysis of specification violations in HTML.

[BibT_eX]

[DOI]

Florian Hantke

Proceedings of the 22nd ACM Internet Measurement Conference, 2022

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions.

[BibT_eX]

[DOI]

Proceedings of the 7th IEEE European Symposium on Security and Privacy, 2022

Freely Given Consent?: Studying Consent Notice of Third-Party Tracking and Its Violations of GDPR in Android Apps.

[BibT_eX]

[DOI]

Trung Tin Nguyen

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

2021

Share First, Ask Later (or Never?) Studying Violations of GDPR's Explicit Consent in Android Apps.

[BibT_eX]

[DOI]

Proceedings of the 30th USENIX Security Symposium, 2021

Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI.

[BibT_eX]

[DOI]

Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021

Reining in the Web's Inconsistencies with Site Policy.

[BibT_eX]

[DOI]

Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021

12 Angry Developers - A Qualitative Study on Developers' Struggles with CSP.

[BibT_eX]

[DOI]

Proceedings of the CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15, 2021

DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale.

[BibT_eX]

[DOI]

Proceedings of the CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15, 2021

Careful Who You Trust: Studying the Pitfalls of Cross-Origin Communication.

[BibT_eX]

[DOI]

Gordon Meiser

Pierre Laperdrix

Proceedings of the ASIA CCS '21: ACM Asia Conference on Computer and Communications Security, 2021

2020

A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web.

[BibT_eX]

[DOI]

Proceedings of the 29th USENIX Security Symposium, 2020

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies.

[BibT_eX]

[DOI]

Proceedings of the 27th Annual Network and Distributed System Security Symposium, 2020

SecWeb 2020 Preface.

[BibT_eX]

[DOI]

Stefano Calzavara

Proceedings of the IEEE European Symposium on Security and Privacy Workshops, 2020

PMForce: Systematically Analyzing postMessage Handlers at Scale.

[BibT_eX]

[DOI]

Marius Steffens

Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020

Assessing the Impact of Script Gadgets on CSP at Scale.

[BibT_eX]

[DOI]

Sebastian Roth

Proceedings of the ASIA CCS '20: The 15th ACM Asia Conference on Computer and Communications Security, 2020

2019

Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.

[BibT_eX]

[DOI]

Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices.

[BibT_eX]

[DOI]

Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 2019

HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs.

[BibT_eX]

[DOI]

Aurore Fass

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

JStap: a static pre-filter for malicious JavaScript detection.

[BibT_eX]

[DOI]

Aurore Fass

Proceedings of the 35th Annual Computer Security Applications Conference, 2019

2018

Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications.

[BibT_eX]

[DOI]

Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

JaSt: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript.

[BibT_eX]

[DOI]

Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2018

2017

How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security.

[BibT_eX]

[DOI]

Proceedings of the 26th USENIX Security Symposium, 2017

Efficient and Flexible Discovery of PHP Application Vulnerabilities.

[BibT_eX]

[DOI]

Proceedings of the 2017 IEEE European Symposium on Security and Privacy, 2017

2016

Client-Side XSS in Theorie und Praxis.

[BibT_eX]

[DOI]

Datenschutz und Datensicherheit, 2016

Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification.

[BibT_eX]

[DOI]

Proceedings of the 25th USENIX Security Symposium, 2016

On the Feasibility of TTL-Based Filtering for DRDoS Mitigation.

[BibT_eX]

[DOI]

Proceedings of the Research in Attacks, Intrusions, and Defenses, 2016

Kizzle: A Signature Compiler for Detecting Exploit Kits.

[BibT_eX]

[DOI]

Benjamin Livshits

Benjamin G. Zorn

Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2016

POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications.

[BibT_eX]

[DOI]

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

2015

Untangling the Web of Client-Side Cross-Site Scripting.

[BibT_eX]

[DOI]

Benjamin Stock

PhD thesis, 2015

The Unexpected Dangers of Dynamic JavaScript.

[BibT_eX]

[DOI]

Proceedings of the 24th USENIX Security Symposium, 2015

From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting.

[BibT_eX]

[DOI]

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

2014

Precise Client-side Protection against DOM-based Cross-Site Scripting.

[BibT_eX]

[DOI]

Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

DOM-basiertes Cross-Site Scripting im Web: Reise in ein unerforschtes Land.

[BibT_eX]

[DOI]

Sebastian Lekies

Proceedings of the Sicherheit 2014: Sicherheit, 2014

Protecting users against XSS-based password manager abuse.

[BibT_eX]

[DOI]

Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

2013

Eradicating DNS Rebinding with the Extended Same-origin Policy.

[BibT_eX]

[DOI]

Sebastian Lekies

Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, 2013

25 million flows later: large-scale detection of DOM-based XSS.

[BibT_eX]

[DOI]

Sebastian Lekies

Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

2011

Exploring the Landscape of Cybercrime.

[BibT_eX]

[DOI]

Michael Spreitzenbarth