Technische Universität Braunschweig
  • Study & Teaching
    • Beginning your Studies
      • Prospective Students
      • Degree Programmes
      • Application
      • Fit4TU
      • Why Braunschweig?
    • During your Studies
      • Freshers' Hub
      • Term Dates
      • Courses
      • Information for Freshmen
      • Practical Information
      • Beratungsnavi
      • Additional Qualifications
      • Financing and Costs
      • Special Circumstances
      • Notes on the coronavirus
      • Health and Well-being
      • Campus life
    • At the End of your Studies
      • Discontinuation and Credentials Certification
      • After graduation
      • Alumni
    • For Teaching Staff
      • Strategy, Offers and Information
      • Learning Management System Stud.IP
      • Teaching and Media Education
    • Contact
      • Study Service Centre
      • Academic Advice Service
      • Student Office
  • Research
    • Research Profile
      • Core Research Areas
      • Clusters of Excellence
      • Research Projects
      • Research Centres
      • Professors‘ Research Profiles
    • Early Stage Researchers
      • Promotion of early career scientists
      • PhD-Students
      • Postdocs
      • Junior research group leaders
      • Junior Professorship and Tenure-Track
      • Habilitation
      • Service Offers for Scientists
    • Research Data & Transparency
      • Transparency in Research
      • Research Data
      • Open Access Strategy
      • Digital Research Announcement
    • Research Funding
      • Research Funding Network
      • Research funding
    • Contact
      • Research Services
      • Academy for Graduates
  • International
    • International Students
      • Why Braunschweig?
      • International Student Support
      • Degree seeking students
      • Exchange Studies
      • Refugees
      • TU Braunschweig Summer School
    • Going Abroad
      • Internships abroad
      • Teaching and research abroad
      • Working abroad
    • International Scientists
      • International Postdocs and Professors
      • International PhD Scholars
      • Service for host institutes
    • Language and intercultural competence training
      • Learning German
      • Learning Foreign Languages
      • Intercultural Communication
    • International Profile
      • Internationalisation
      • International Cooperation
    • International House
      • About us
      • Contact & Office Hours
      • News and Events
      • Newsletter, Podcast & Videos
      • Job Advertisements
  • TU Braunschweig
    • Our Profile
      • Aims & Values
      • Regulations and Guidelines
      • Alliances & Partners
      • The University Development Initiative 2030
      • Facts & Figures
      • Our History
    • Career
      • Working at TU Braunschweig
      • Vacancies
    • Economy & Business
      • Entrepreneurship
    • General Public
      • Access to the University Library
    • Media Services
      • Communications and Press Service
      • Services for media
      • Film and photo permits
      • Advices for scientists
      • Topics and stories
    • Contact
      • General Contact
      • Getting here
  • Organisation
    • Presidency & Administration
      • Executive Board
      • Designated Offices
      • Administration
      • Committees
    • Faculties
      • Carl-Friedrich-Gauß-Fakultät
      • Faculty of Life Sciences
      • Architecture, Civil Engineering and Environmental Sciences
      • Faculty of Mechanical Engineering
      • Faculty of Electrical Engineering, Information Technology, Physics
      • Faculty of Humanities and Education
    • Institutes
      • Institutes from A to Z
    • Facilities
      • University Library
      • Gauß-IT-Zentrum
      • Professional and Personnel Development
      • International House
      • Sports center
      • Facilities from A to Z
    • Equal Opportunity Office
      • Equal Opportunity Office
      • Family
      • Diversity for Students
  • Search
  • Quicklinks
    • People Search
    • Webmail
    • cloud.TU Braunschweig
    • Messenger
    • Cafeteria
    • Courses
    • Stud.IP
    • Library Catalogue
    • IT Self-Service
    • Information Portal (employees)
    • Link Collection
    • DE
    • EN
    • Facebook
    • Twitter
    • Instagram
    • YouTube
    • LinkedIn
Menu
  • Technische Universität Braunschweig
  • Organisation
  • Faculties
  • Carl-Friedrich-Gauß-Fakultät
  • Institutes
  • Institute for Application Security
  • Publications
Logo Institut für Anwendungssicherheit der TU Braunschweig
  • Institute for Application Security
    • Team
    • Publications
    • Projects
    • Teaching
    • LegoLab
    • Rent a Laptop
    • Contact

Publications

2023

Network Responses to Russia’s Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom
Reethika Ramesh, Ram Sundara Raman, Apurva Virkud, Alexandra Dirksen, Armin Huremagic, David Fifield Dirk Rodenburg, Rod Hynes, Doug Madory, Roya Ensafi
To appear at the 32nd USENIX Security Symposium, 2023

The OK is Not Enough: Large Scale Study of Consent Dialogs in Smartphone Applications
Simon Koch, Benjamin Altpeter, Martin Johns
To appear at the 32nd USENIX Security Symposium, 2023

FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities
Samuel Groß, Simon Koch, Lukas Bernhard, Thorsten Holz, Martin Johns 
Network and Distributed System Security (NDSS) Symposium, 2023

2022

Accept All Exploits: Exploring the Security Impact of Cookie Banners
David Klein*, Marius Musch*, Thomas Barber, Moritz Kopmann, and Martin Johns
Proc. of the 37th Annual Computer Security Applications Conference (ACSAC), 2022

No Keys to the Kingdom Required: A Comprehensive Investigation of Missing Authentication Vulnerabilities in the Wild
Manuel Karl*, Marius Musch*, Guoli Ma, Martin Johns, and Sebastian Lekies
Proc. of the 22nd ACM Internet Measurement Conference (IMC), 2022

Keeping Privacy Labels Honest: Developer conformity to self declared data collection via Apple Privacy Labels
Simon Koch, Malte Wessels, Benjamin Altpeter, Madita Olvermann, and Martin Johns
To appear in the 22nd Privacy Enhancing Technologies Symposium (PETS), 2022

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions
David Klein, Thomas Barber, Souphiane Bensalim, Ben Stock, and Martin Johns
Proc. of the IEEE European Symposium on Security and Privacy (Euro S&P 2022)  [BIB]

Server-Side Browsers: Exploring the Web’s Hidden Attack Surface
Marius Musch, Robin Kirchner, Max Boll, and Martin Johns
Proc. of the 17th ACM Asia Conference on Computer and Communications Security (ASIA CCS), 2022

2021

​​​​​​U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild
Marius Musch and Martin Johns
Proc. of the 30th USENIX Security Symposium, 2021

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries
Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns.
Proceedings on Privacy Enhancing Technologies (PETS'21)  [BIB]

Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis
Souphiane Bensalim, David Klein, Thomas Barber, Martin Johns
Proceedings of the 14th European Workshop on Systems Security (EuroSec '21) [BIB]

Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI
Marius Steffens, Marius Musch, Martin Johns, and Ben Stock
Network and Distributed System Security Symposium (NDSS),  2021

2020

Towards Enabling Secure Web-based Cloud Services using Client-side Encryption
Martin Johns, Alexandra Dirksen
Proceedings of ACM Workshop on Cloud Computing Security (CCSW’20) [BIB]

Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning
Erwin Quiring, David Klein, Daniel Arp, Martin Johns and Konrad Rieck
Proc. of the 29th USENIX Security Symposium, August 2020 [BIB]

Raccoon: Automated Verification of Guarded Race Conditions in Web Applications
Simon Koch, Tim Sauer, Martin Johns, Giancarlo Pellegrino
Proc. of the 35th ACM/SIGAPP Symposium on Applied Computing (SAC), 2020

Hybrid Taint Analysis for Java EE
Florian D. Loch, Martin Johns, Martin Hecker, Martin Mohr, Gregor Snelting 
Proc. of the 35th ACM/SIGAPP Symposium on Applied Computing (SAC), 2020

2019

Thieves in the Browser: Web-based Cryptojacking in the Wild  *Best Paper Award Runner-up*
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Proc. of 14th Int. Conference on Availability, Reliability and Security (ARES), 2019

ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices
Marius Musch, Marius Steffens, Sebastian Roth, Ben Stock, and Martin Johns
Proc. of 14th ACM Asia Conference on Computer and Communications Security (ASIACCS), 2019

New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild  *Best Paper Award Runner-up*
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Proc. of 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2019

Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild
Marius Steffens, Christian Rossow, Martin Johns, Ben Stock
Proc. of  26th Network and Distributed System Security Symposium (NDSS'19), February 2019

2018

Towards an Automatic Generation of Low-Interaction Web Application Honeypots
Marius Musch, Martin Härterich, and Martin Johns
Proc. of 13th Int. Conference on Availability, Reliability and Security (ARES), 2018.

Web-based Cryptojacking in the Wild
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Technical report, arXiv:1808.09474, 2018.

Photo credits on this page

For All Visitors

Vacancies of TU Braunschweig
Career Service' Job Exchange 
Merchandising

For Students

Term Dates
Courses
Degree Programmes
Information for Freshman
TUCard

Internal Tools

Glossary (GER-EN)
Change your Personal Data

Contact

Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig

P. O. Box: 38092 Braunschweig
GERMANY

Phone: +49 (0) 531 391-0

Getting here

© Technische Universität Braunschweig
Imprint Privacy Accessibility

TU Braunschweig uses the software Matomo for anonymised web analysis. The data serve to optimise the web offer.
You can find more information in our data protection declaration.