| RequestRodeo: Client side protection against session riding M Johns, J Winter Proceedings of the OWASP Europe 2006 Conference, 2006 | 153 | 2006 |
| 25 million flows later: large-scale detection of DOM-based XSS S Lekies, B Stock, M Johns Proceedings of the 2013 ACM SIGSAC conference on Computer & communications …, 2013 | 148 | 2013 |
| Xssds: Server-side detection of cross-site scripting attacks M Johns, B Engelmann, J Posegga 2008 Annual Computer Security Applications Conference (ACSAC), 335-344, 2008 | 145 | 2008 |
| Plug-in privacy for smart metering billing M Jawurek, M Johns, F Kerschbaum International Symposium on Privacy Enhancing Technologies Symposium, 192-210, 2011 | 138 | 2011 |
| Security testing: A survey M Felderer, M Büchler, M Johns, AD Brucker, R Breu, A Pretschner Advances in Computers 101, 1-51, 2016 | 113 | 2016 |
| SessionShield: Lightweight protection against session hijacking N Nikiforakis, W Meert, Y Younan, M Johns, W Joosen International Symposium on Engineering Secure Software and Systems, 87-100, 2011 | 109 | 2011 |
| Smart metering de-pseudonymization M Jawurek, M Johns, K Rieck Proceedings of the 27th annual computer security applications conference …, 2011 | 104 | 2011 |
| Precise client-side protection against DOM-based cross-site scripting B Stock, S Lekies, T Mueller, P Spiegel, M Johns 23rd {USENIX} Security Symposium ({USENIX} Security 14), 655-670, 2014 | 96 | 2014 |
| On JavaScript malware and related threats M Johns Journal in Computer Virology 4 (3), 161-178, 2008 | 71 | 2008 |
| SessionSafe: Implementing XSS immune session handling M Johns European Symposium on Research in Computer Security, 444-460, 2006 | 60 | 2006 |
| Hey, you have a problem: On the feasibility of large-scale web vulnerability notification B Stock, G Pellegrino, C Rossow, M Johns, M Backes 25th {USENIX} Security Symposium ({USENIX} Security 16), 1015-1032, 2016 | 58 | 2016 |
| Code-injection vulnerabilities in web applications—exemplified at cross-site scripting M Johns it-Information Technology 53 (5), 256-260, 2011 | 57 | 2011 |
| Reliable protection against session fixation attacks M Johns, B Braun, M Schrank, J Posegga Proceedings of the 2011 ACM Symposium on Applied Computing, 1531-1537, 2011 | 50 | 2011 |
| Secure code generation for web applications M Johns, C Beyerlein, R Giesecke, J Posegga International Symposium on Engineering Secure Software and Systems, 96-113, 2010 | 43 | 2010 |
| SMask: preventing injection attacks in Web applications by approximating automatic data/code separation M Johns, C Beyerlein Proceedings of the 2007 ACM symposium on Applied computing, 284-291, 2007 | 40 | 2007 |
| From facepalm to brain bender: Exploring client-side cross-site scripting B Stock, S Pfistner, B Kaiser, S Lekies, M Johns Proceedings of the 22nd ACM SIGSAC conference on computer and communications …, 2015 | 38 | 2015 |
| The unexpected dangers of dynamic javascript S Lekies, B Stock, M Wentzel, M Johns 24th {USENIX} Security Symposium ({USENIX} Security 15), 723-735, 2015 | 37 | 2015 |
| On the fragility and limitations of current Browser-provided Clickjacking protection schemes S Lekies, M Heiderich, D Appelt, T Holz, M Johns USENIX Workshop on Offensive Technologies (WOOT '12), 2012 | 37 | 2012 |
| Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets S Lekies, K Kotowicz, S Groß, EA Vela Nava, M Johns Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications …, 2017 | 35 | 2017 |
| Usb device drivers: A stepping stone into your kernel M Jodeit, M Johns 2010 European Conference on Computer Network Defense, 46-52, 2010 | 34 | 2010 |
Ben StockCISPA Helmholtz Center for Information SecurityVerified email at cispa.de
