Martin Johns
Institution: TU Braunschweig / CASA
Research Hub(s):
Hub B: Embedded Security
E-Mail: M.Johns@tu-braunschweig.de
Twitter: @datenkeller
Publications:
A Black-Box Privacy Analysis of Messaging Service Providers' Chat Message Processing
The OK is Not Enough: Large Scale Study of Consent Dialogs in Smartphone Applications
Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
Keeping Privacy Labels Honest: Developer conformity to self declared data collection via Apple Privacy Labels
Raccoon: Automated Verification of Guarded Race Conditions in Web Applications
FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities
No Keys to the Kingdom Required: A Comprehensive Investigation of Missing Authentication Vulnerabilities in the Wild
FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds
The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code
Hybrid Taint Analysis for Java EE
Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild
New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild
Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting
Thieves in the Browser: Web-based Cryptojacking in the Wild
Server-Side Browsers: Exploring the Web’s Hidden Attack Surface
Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions
Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis
Accept All Exploits: Exploring the Security Impact of Cookie Banners
Towards Enabling Secure Web-based Cloud Services using Client-side Encryption
General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications
Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning
Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI
ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices
U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild
LogPicker: Strengthening Certificate Transparency Against Covert Adversaries