Accept All Exploits: Exploring the Security Impact of Cookie Banners
David Klein*, Marius Musch*, Thomas Barber, Moritz Kopmann, and Martin Johns
To appear in the 37th Annual Computer Security Applications Conference (ACSAC), 2022
No Keys to the Kingdom Required: A Comprehensive Investigation of Missing Authentication Vulnerabilities in the Wild
Manuel Karl*, Marius Musch*, Guoli Ma, Martin Johns, and Sebastian Lekies
To appear in the 22nd Internet Measurement Conference (IMC), 2022
Keeping Privacy Labels Honest: Developer conformity to self declared data collection via Apple Privacy Labels
Simon Koch, Malte Wessels, Benjamin Altpeter, Madita Olvermann, and Martin Johns
To appear in the 22nd Privacy Enhancing Technologies Symposium (PETS), 2022 [pdf]
Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions
David Klein, Thomas Barber, Souphiane Bensalim, Ben Stock, and Martin Johns
Proc. of the IEEE European Symposium on Security and Privacy (Euro S&P 2022) [BIB]
Server-Side Browsers: Exploring the Web’s Hidden Attack Surface
Marius Musch, Robin Kirchner, Max Boll, and Martin Johns
Proc. of the 17th ACM Asia Conference on Computer and Communications Security (ASIA CCS), 2022.
U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild
Marius Musch and Martin Johns
Proc. of the 30th USENIX Security Symposium, 2021.
LogPicker: Strengthening Certificate Transparency Against Covert Adversaries
Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns.
Proceedings on Privacy Enhancing Technologies (PETS'21) [BIB]
Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis
Souphiane Bensalim, David Klein, Thomas Barber, Martin Johns
Proceedings of the 14th European Workshop on Systems Security (EuroSec '21) [BIB]
Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI
Marius Steffens, Marius Musch, Martin Johns, and Ben Stock
Network and Distributed System Security Symposium (NDSS), 2021.
Towards Enabling Secure Web-based Cloud Services using Client-side Encryption
Martin Johns, Alexandra Dirksen
Proceedings of ACM Workshop on Cloud Computing Security (CCSW’20) [BIB]
Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning
Erwin Quiring, David Klein, Daniel Arp, Martin Johns and Konrad Rieck
Proc. of the 29th USENIX Security Symposium, August 2020 [BIB]
Raccoon: Automated Verification of Guarded Race Conditions in Web Applications
Simon Koch, Tim Sauer, Martin Johns, Giancarlo Pellegrino
Proc. of the 35th ACM/SIGAPP Symposium on Applied Computing (SAC), 2020
Hybrid Taint Analysis for Java EE
Florian D. Loch, Martin Johns, Martin Hecker, Martin Mohr, Gregor Snelting
Proc. of the 35th ACM/SIGAPP Symposium on Applied Computing (SAC), 2020
Thieves in the Browser: Web-based Cryptojacking in the Wild *Best Paper Award Runner-up*
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Proc. of 14th Int. Conference on Availability, Reliability and Security (ARES), 2019.
ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices
Marius Musch, Marius Steffens, Sebastian Roth, Ben Stock, and Martin Johns
Proc. of 14th ACM Asia Conference on Computer and Communications Security (ASIACCS), 2019.
New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild *Best Paper Award Runner-up*
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Proc. of 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2019.
Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild
Marius Steffens, Christian Rossow, Martin Johns, Ben Stock
Proc. of 26th Network and Distributed System Security Symposium (NDSS'19), February 2019
Towards an Automatic Generation of Low-Interaction Web Application Honeypots
Marius Musch, Martin Härterich, and Martin Johns
Proc. of 13th Int. Conference on Availability, Reliability and Security (ARES), 2018.
Web-based Cryptojacking in the Wild
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Technical report, arXiv:1808.09474, 2018.