Martin Johns

Publications:

"Sorry for bugging you so much". Exploring Developers’ Behavior Towards Privacy-Compliant Implementation || 2025-05-02 No Keys to the Kingdom Required: A Comprehensive Investigation of Missing Authentication Vulnerabilities in the Wild || 2022-10-25 The OK is Not Enough: Large Scale Study of Consent Dialogs in Smartphone Applications || 2023-08-10 Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials || 2024-05-20 Keeping Privacy Labels Honest: Developer conformity to self declared data collection via Apple Privacy Labels || 2022-07-11 Raccoon: Automated Verification of Guarded Race Conditions in Web Applications || 2020-03-30 FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities || 2023-02-27 New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild || 2019-06-19 A Black-Box Privacy Analysis of Messaging Service Providers' Chat Message Processing || 2024-07-15 FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds || 2024-07-15 The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code || 2024-03-01 Hybrid Taint Analysis for Java EE || 2020-03-30 Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild || 2019-02-24 Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting || 2024-08-14 Server-Side Browsers: Exploring the Web’s Hidden Attack Surface || 2022-05-30 Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions || 2022-06-07 Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis || 2021-04-26 Accept All Exploits: Exploring the Security Impact of Cookie Banners || 2022-12-05 Thieves in the Browser: Web-based Cryptojacking in the Wild || 2019-08-26 Towards Enabling Secure Web-based Cloud Services using Client-side Encryption || 2020-11-26 General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications || 2023-11-26 Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning || 2020-08-12 Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI || 2021-02-21 ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices || 2019-07-07 U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild || 2021-08-11 LogPicker: Strengthening Certificate Transparency Against Covert Adversaries || 2021-07-12