Technische Universität Braunschweig
  • Study & Teaching
    • Beginning your Studies
      • Prospective Students
      • Degree Programmes
      • Application
      • Fit4TU
    • During your Studies
      • Freshmen-Hub
      • Term Dates
      • Courses
      • Information for Freshmen
      • Practical Information
      • Beratungsnavi
      • Additional Qualifications
      • Financing and Costs
      • Special Circumstances
      • Campus life
    • At the End of your Studies
      • Discontinuation and Credentials Certification
      • After graduation
      • Alumni
    • For Teaching Staff
      • Strategy, Offers and Information
      • Learning Management System Stud.IP
      • Team Teaching and Media Education
    • Contact
      • Student Advice Centre
      • Academic Advice Service
      • Admissions Office
  • Research
    • Research Profile
      • Core Research Areas
      • Clusters of Excellence
      • Research Projects
      • Research Centres
      • Professors‘ Research Profiles
    • Early Stage Researchers
      • Promotion of early career scientists
      • PhD-Students
      • Postdocs
      • Junior research group leaders
      • Junior Professorship and Tenure-Track
      • Habilitation
      • Service Offers for Scientists
    • Research Data & Transparency
      • Transparency in Research
      • Research Data
      • Open Access Strategy
      • Digital Research Announcement
    • Research Funding
      • Research Funding Network
      • Research funding
    • Contact
      • Research Services
      • Academy for Graduates
  • International
    • International Students
      • Why Braunschweig?
      • International Student Support
      • Degree seeking students
      • Exchange Studies
      • Refugees
      • TU Braunschweig Summer School
    • Scientists
      • International Postdocs and Professors
      • International PhD Scholars
      • Service for host institutes
      • Research Services and European Office
      • Research Funding Network
    • Language and intercultural competence training
      • Learning German
      • Learning Foreign Languages
      • Intercultural Communication
    • International Profile
      • Internationalisation
      • International Cooperation
    • International House
      • Information for first semester students
      • Contact
      • News and Events
      • International Newsletter
      • Advisory Services
      • Location
      • About us
      • Job advertisements
    • Support for Ukraine
      • We care for Ukraine
      • Support for refugees
  • TU Braunschweig
    • Our Profile
      • Aims & Values
      • Regulations and Guidelines
      • Alliances & Partners
      • The University Development Initiative 2030
      • Facts & Figures
      • Our History
    • Career
      • Working at TU Braunschweig
      • Vacancies
    • Economy & Business
      • Knowledge and Technology Transfer
      • Entrepreneurship
    • General Public
      • Access to the University Library
    • Media Services
      • Communications and Press Service
      • Services for media
      • Film and photo permits
      • Advices for scientists
      • Topics and stories
    • Contact
      • General Contact
      • Getting here
  • Organisation
    • Presidency & Administration
      • Governance Board
      • Designated Offices
      • Administration
      • Committees
    • Faculties
      • Carl-Friedrich-Gauß-Fakultät
      • Faculty of Life Sciences
      • Architecture, Civil Engineering and Environmental Sciences
      • Faculty of Mechanical Engineering
      • Faculty of Electrical Engineering, Information Technology, Physics
      • Faculty of Humanities and Education
    • Institutes
      • Institutes from A to Z
    • Facilities
      • University Library
      • Gauß-IT-Zentrum
      • International House
      • Sports Centre
      • Facilities from A to Z
    • Equal Opportunity Office
      • Equal Opportunity Office
      • Family
      • Diversity for Students
  • Search
  • Quicklinks
    • People Search
    • Webmail Exchange
    • Webmail
    • Campus map
    • CloudStorage
    • Messenger
    • Cafeteria
    • Courses
    • Stud.IP
    • Library Catalogue
    • IT Self-Service
    • Information Portal (employees)
    • Link Collection
    • DE
    • EN
    • Facebook
    • Twitter
    • Instagram
    • YouTube
    • LinkedIn
Menu
  • Technische Universität Braunschweig
  • Organisation
  • Faculties
  • Carl-Friedrich-Gauß-Fakultät
  • Institutes
  • Institute for Application Security
  • Publications
Logo Institut für Anwendungssicherheit der TU Braunschweig
  • Institute for Application Security
    • Team
    • Publications
    • Teaching
    • LegoLab
    • We're hiring!
    • Contact

Publications

2022

Keeping Privacy Labels Honest: Developer conformity to self declared data collection via Apple Privacy Labels
Simon Koch, Malte Wessels, Benjamin Altpeter, Madita Olvermann, and Martin Johns
To appear in the 22nd Privacy Enhancing Technologies Symposium (PETS), 2022 [pdf]

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions
David Klein, Thomas Barber, Souphiane Bensalim, Ben Stock, and Martin Johns
Proc. of the IEEE European Symposium on Security and Privacy (Euro S&P). To appear in June 2022.

Server-Side Browsers: Exploring the Web’s Hidden Attack Surface
Marius Musch, Robin Kirchner, Max Boll, and Martin Johns
Proc. of the 17th ACM Asia Conference on Computer and Communications Security (ASIA CCS). To appear in May 2022.

2021

​​​​​​U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild
Marius Musch and Martin Johns
Proc. of the 30th USENIX Security Symposium, 2021.

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries
Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns.
Proceedings on Privacy Enhancing Technologies (PETS'21)  [BIB]

Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis
Souphiane Bensalim, David Klein, Thomas Barber, Martin Johns
Proceedings of the 14th European Workshop on Systems Security (EuroSec '21) [BIB]

Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI
Marius Steffens, Marius Musch, Martin Johns, and Ben Stock
Network and Distributed System Security Symposium (NDSS),  2021.

2020

Towards Enabling Secure Web-based Cloud Services using Client-side Encryption
Martin Johns, Alexandra Dirksen
Proceedings of ACM Workshop on Cloud Computing Security (CCSW’20) [BIB]

Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning
Erwin Quiring, David Klein, Daniel Arp, Martin Johns and Konrad Rieck
Proc. of the 29th USENIX Security Symposium, August 2020 [BIB]

Raccoon: Automated Verification of Guarded Race Conditions in Web Applications
Simon Koch, Tim Sauer, Martin Johns, Giancarlo Pellegrino
Proc. of the 35th ACM/SIGAPP Symposium on Applied Computing (SAC), 2020

Hybrid Taint Analysis for Java EE
Florian D. Loch, Martin Johns, Martin Hecker, Martin Mohr, Gregor Snelting 
Proc. of the 35th ACM/SIGAPP Symposium on Applied Computing (SAC), 2020

2019

Thieves in the Browser: Web-based Cryptojacking in the Wild  *Best Paper Award Runner-up*
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Proc. of 14th Int. Conference on Availability, Reliability and Security (ARES), 2019.

ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices
Marius Musch, Marius Steffens, Sebastian Roth, Ben Stock, and Martin Johns
Proc. of 14th ACM Asia Conference on Computer and Communications Security (ASIACCS), 2019.

New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild  *Best Paper Award Runner-up*
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Proc. of 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2019.

Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild
Marius Steffens, Christian Rossow, Martin Johns, Ben Stock
Proc. of  26th Network and Distributed System Security Symposium (NDSS'19), February 2019

2018

Towards an Automatic Generation of Low-Interaction Web Application Honeypots
Marius Musch, Martin Härterich, and Martin Johns
Proc. of 13th Int. Conference on Availability, Reliability and Security (ARES), 2018.

Web-based Cryptojacking in the Wild
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Technical report, arXiv:1808.09474, 2018.

Photo credits of this page

For All Visitors

Vacancies of TU Braunschweig
Career Service' Job Exchange 
Merchandising

For Students

Term Dates
Courses
Degree Programmes
Information for Freshman
TUCard

Internal Tools

Glossary (GER-EN)
Change your Personal Data

Contact

Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig

P. O. Box: 38092 Braunschweig
GERMANY

Phone: +49 (0) 531 391-0

Getting here

© Technische Universität Braunschweig
Imprint Privacy Accessibility

TU Braunschweig uses the software Matomo for anonymised web analysis. The data serve to optimise the web offer.
You can find more information in our data protection declaration.