Martin Johns

Institution: TU Braunschweig / CASA

Research Hub(s):

Hub B: Embedded Security



The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code

Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials

Keeping Privacy Labels Honest: Developer conformity to self declared data collection via Apple Privacy Labels

Raccoon: Automated Verification of Guarded Race Conditions in Web Applications

FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities

Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting

The OK is Not Enough: Large Scale Study of Consent Dialogs in Smartphone Applications

Hybrid Taint Analysis for Java EE

Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild

New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild

No Keys to the Kingdom Required: A Comprehensive Investigation of Missing Authentication Vulnerabilities in the Wild

Thieves in the Browser: Web-based Cryptojacking in the Wild

Towards Enabling Secure Web-based Cloud Services using Client-side Encryption

Server-Side Browsers: Exploring the Web’s Hidden Attack Surface

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions

Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis

Accept All Exploits: Exploring the Security Impact of Cookie Banners

General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications

Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning

Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI

ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices

U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries