| RequestRodeo: Client side protection against session riding M Johns, J Winter Proceedings of the OWASP Europe 2006 Conference, 2006 | 145 | 2006 |
| Xssds: Server-side detection of cross-site scripting attacks M Johns, B Engelmann, J Posegga 2008 Annual Computer Security Applications Conference (ACSAC), 335-344, 2008 | 138 | 2008 |
| Plug-in privacy for smart metering billing M Jawurek, M Johns, F Kerschbaum International Symposium on Privacy Enhancing Technologies Symposium, 192-210, 2011 | 132 | 2011 |
| 25 million flows later: Large-scale detection of DOM-based XSS S Lekies, B Stock, M Johns Proceedings of the 2013 ACM SIGSAC conference on Computer & communications …, 2013 | 131 | 2013 |
| Smart metering de-pseudonymization M Jawurek, M Johns, K Rieck Proceedings of the 27th annual computer security applications conference …, 2011 | 103 | 2011 |
| SessionShield: Lightweight protection against session hijacking N Nikiforakis, W Meert, Y Younan, M Johns, W Joosen International Symposium on Engineering Secure Software and Systems, 87-100, 2011 | 101 | 2011 |
| Security testing: A survey M Felderer, M Büchler, M Johns, AD Brucker, R Breu, A Pretschner Advances in Computers 101, 1-51, 2016 | 87 | 2016 |
| Precise client-side protection against DOM-based cross-site scripting B Stock, S Lekies, T Mueller, P Spiegel, M Johns 23rd {USENIX} Security Symposium ({USENIX} Security 14), 655-670, 2014 | 85 | 2014 |
| On JavaScript malware and related threats M Johns Journal in Computer Virology 4 (3), 161-178, 2008 | 68 | 2008 |
| SessionSafe: Implementing XSS immune session handling M Johns European Symposium on Research in Computer Security, 444-460, 2006 | 59 | 2006 |
| Code injection vulnerabilities in web applications-exemplified at cross-site scripting M Johns | 54 | 2011 |
| Hey, you have a problem: On the feasibility of large-scale web vulnerability notification B Stock, G Pellegrino, C Rossow, M Johns, M Backes 25th {USENIX} Security Symposium ({USENIX} Security 16), 1015-1032, 2016 | 49 | 2016 |
| Reliable protection against session fixation attacks M Johns, B Braun, M Schrank, J Posegga Proceedings of the 2011 ACM Symposium on Applied Computing, 1531-1537, 2011 | 45 | 2011 |
| Secure code generation for web applications M Johns, C Beyerlein, R Giesecke, J Posegga International Symposium on Engineering Secure Software and Systems, 96-113, 2010 | 44 | 2010 |
| SMask: preventing injection attacks in web applications by approximating automatic data/code separation M Johns, C Beyerlein Proceedings of the 2007 ACM symposium on Applied computing, 284-291, 2007 | 39 | 2007 |
| On the fragility and limitations of current Browser-provided Clickjacking protection schemes S Lekies, M Heiderich, D Appelt, T Holz, M Johns USENIX Workshop on Offensive Technologies (WOOT '12), 2012 | 35 | 2012 |
| Protecting users against XSS-based password manager abuse B Stock, M Johns Proceedings of the 9th ACM symposium on Information, computer and …, 2014 | 32 | 2014 |
| From facepalm to brain bender: Exploring client-side cross-site scripting B Stock, S Pfistner, B Kaiser, S Lekies, M Johns Proceedings of the 22nd ACM SIGSAC conference on computer and communications …, 2015 | 31 | 2015 |
| The unexpected dangers of dynamic javascript S Lekies, B Stock, M Wentzel, M Johns 24th {USENIX} Security Symposium ({USENIX} Security 15), 723-735, 2015 | 31 | 2015 |
| Lightweight Integrity Protection for Web Storage-driven Content Caching S Lekies, M Johns 6th Workshop on Web 2.0 Security and Privacy (W2SP 2012), 2012 | 30 | 2012 |
Ben StockCISPA Helmholtz Center for Information SecurityVerified email at cispa.saarland
