Martin Johns

According to our database, Martin Johns authored at least 63 papers between 2003 and 2019.

Bibliography

2019
Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2019

ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices.
Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 2019

Thieves in the Browser: Web-based Cryptojacking in the Wild.
Proceedings of the 14th International Conference on Availability, Reliability and Security, 2019

2018
Web Application Security (Dagstuhl Seminar 18321).
Dagstuhl Reports, 2018

Web-based Cryptojacking in the Wild.
CoRR, 2018

Towards an Automatic Generation of Low-Interaction Web Application Honeypots.
Proceedings of the 13th International Conference on Availability, Reliability and Security, 2018

2017
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs.
CoRR, 2017

How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security.
Proceedings of the 26th USENIX Security Symposium, 2017

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30, 2017

Code-Reuse Attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30, 2017

2016
Client-Side XSS in Theorie und Praxis.
Datenschutz und Datensicherheit, 2016

Security Testing: A Survey.
Advances in Computers, 2016

Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification.
Proceedings of the 25th USENIX Security Symposium, 2016

Ensuring endpoint authenticity in WebRTC peer-to-peer communication.
Proceedings of the 31st Annual ACM Symposium on Applied Computing, 2016

POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

2015
The Unexpected Dangers of Dynamic JavaScript.
Proceedings of the 24th USENIX Security Symposium, 2015

LogSec: adaptive protection for the wild wild web.
Proceedings of the 30th Annual ACM Symposium on Applied Computing, 2015

From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

2014
Primer on Client-Side Web Security.
Springer Briefs in Computer Science, Springer, ISBN: 978-3-319-12226-7, 2014

Preface.
Journal of Computer Security, 2014

Script-templates for the Content Security Policy.
J. Inf. Sec. Appl., 2014

Real-Time Communications Security on the Web.
IEEE Internet Computing, 2014

Precise Client-side Protection against DOM-based Cross-Site Scripting.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014

DOM-basiertes Cross-Site Scripting im Web: Reise in ein unerforschtes Land.
Proceedings of the Sicherheit 2014: Sicherheit, 2014

A Trusted UI for the Mobile Web.
Proceedings of the ICT Systems Security and Privacy Protection, 2014

PhishSafe: leveraging modern JavaScript API's for transparent and robust protection.
Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy, 2014

Protecting users against XSS-based password manager abuse.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

2013
Eradicating DNS Rebinding with the Extended Same-origin Policy.
Proceedings of the 22nd USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013

Tamper-Resistant LikeJacking Protection.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2013

PreparedJS: Secure Script-Templates for JavaScript.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2013

25 million flows later: large-scale detection of DOM-based XSS.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

2012
HTML5-Security - Sicherer Umgang mit den neuen JavaScript APIs.
Datenschutz und Datensicherheit, 2012

Web Application Security (Dagstuhl Seminar 12401).
Dagstuhl Reports, 2012

WebSand: Server-Driven Outbound Web-Application Sandboxing.
Proceedings of the Trust, Privacy and Security in Digital Business, 2012

A User-Level Authentication Scheme to Mitigate Web Session-Based Vulnerabilities.
Proceedings of the Trust, Privacy and Security in Digital Business, 2012

Towards stateless, client-side driven Cross-Site Request Forgery protection for Web applications.
Proceedings of the Sicherheit 2012: Sicherheit, 2012

DEMACRO: Defense against Malicious Cross-Domain Requests.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2012

BetterAuth: web authentication revisited.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

2011
Session Hijacking Attacks.
Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

Code Injection Vulnerabilities in Web Applications: Exemplified at Cross-site Scripting.
PhD thesis, 2011

Code-injection Vulnerabilities in Web Applications - Exemplified at Cross-site Scripting.
it - Information Technology, 2011

Reliable protection against session fixation attacks.
Proceedings of the 2011 ACM Symposium on Applied Computing (SAC), TaiChung, Taiwan, March 21, 2011

Plug-In Privacy for Smart Metering Billing.
Proceedings of the Privacy Enhancing Technologies - 11th International Symposium, 2011

Scanstud: A Methodology for Systematic, Fine-Grained Evaluation of Static Analysis Tools.
Proceedings of the Fourth IEEE International Conference on Software Testing, 2011

Abusing locality in shared web hosting.
Proceedings of the Fourth European Workshop on System Security, 2011

SessionShield: Lightweight Protection against Session Hijacking.
Proceedings of the Engineering Secure Software and Systems - Third International Symposium, 2011

Biting the Hand That Serves You: A Closer Look at Client-Side Flash Proxies for Cross-Domain Requests.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2011

Smart metering de-pseudonymization.
Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, 2011

2010
Plug-in privacy for Smart Metering billing.
CoRR, 2010

Session Fixation - The Forgotten Vulnerability?
Proceedings of the Sicherheit 2010: Sicherheit, 2010

Security Challenges of a Changing Energy Landscape.
Proceedings of the ISSE 2010, 2010

Secure Code Generation for Web Applications.
Proceedings of the Engineering Secure Software and Systems, Second International Symposium, 2010

2009
Code-injection Verwundbarkeit in Web Anwendungen am Beispiel von Cross-site Scripting.
Proceedings of the Ausgezeichnete Informatikdissertationen 2009, 2009

09141 Executive Summary - Web Application Security.
Proceedings of the Web Application Security, 29.03. - 03.04.2009, 2009

09141 Abstracts Collection - Web Application Security.
Proceedings of the Web Application Security, 29.03. - 03.04.2009, 2009

2008
On JavaScript Malware and related threats.
Journal in Computer Virology, 2008

XSSDS: Server-Side Detection of Cross-Site Scripting Attacks.
Proceedings of the Twenty-Fourth Annual Computer Security Applications Conference, 2008

2007
Automatisierter Code-Audit - Sicherheitsanalyse von Source Code in Theorie und Praxis.
Datenschutz und Datensicherheit, 2007

SMask: preventing injection attacks in web applications by approximating automatic data/code separation.
Proceedings of the 2007 ACM Symposium on Applied Computing (SAC), 2007

Protecting the Intranet Against "JavaScript Malware" and Related Attacks.
Proceedings of the Detection of Intrusions and Malware, 2007

2006
SessionSafe: Implementing XSS Immune Session Handling.
Proceedings of the Computer Security, 2006

2003
Pseudonyme Biometrik: Ein signatur-basierter Ansatz.
Proceedings of the BIOSIG 2003, 2003

