Ruhr-Uni-Bochum
Martin Johns

Martin Johns

Institution: TU Braunschweig / CASA

Research Hub(s):

Hub B: Eingebettete Sicherheit

E-Mail: M.Johns@tu-braunschweig.de

Publikationen:

A Black-Box Privacy Analysis of Messaging Service Providers' Chat Message Processing The OK is Not Enough: Large Scale Study of Consent Dialogs in Smartphone Applications Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials Keeping Privacy Labels Honest: Developer conformity to self declared data collection via Apple Privacy Labels Raccoon: Automated Verification of Guarded Race Conditions in Web Applications FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities No Keys to the Kingdom Required: A Comprehensive Investigation of Missing Authentication Vulnerabilities in the Wild New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code Hybrid Taint Analysis for Java EE Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting Server-Side Browsers: Exploring the Web’s Hidden Attack Surface LogPicker: Strengthening Certificate Transparency Against Covert Adversaries U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions Thieves in the Browser: Web-based Cryptojacking in the Wild Towards Enabling Secure Web-based Cloud Services using Client-side Encryption General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications Accept All Exploits: Exploring the Security Impact of Cookie Banners Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis