| 25 million flows later: large-scale detection of DOM-based XSS S Lekies, B Stock, M Johns Proceedings of the 2013 ACM SIGSAC conference on Computer & communications …, 2013 | 243 | 2013 |
| Precise client-side protection against {DOM-based}{Cross-Site} scripting B Stock, S Lekies, T Mueller, P Spiegel, M Johns 23rd USENIX Security Symposium (USENIX Security 14), 655-670, 2014 | 145 | 2014 |
| Csp is dead, long live csp! on the insecurity of whitelists and the future of content security policy L Weichselbaum, M Spagnuolo, S Lekies, A Janc Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications …, 2016 | 133 | 2016 |
| Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets S Lekies, K Kotowicz, S Groß, EA Vela Nava, M Johns Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications …, 2017 | 73 | 2017 |
| From facepalm to brain bender: Exploring client-side cross-site scripting B Stock, S Pfistner, B Kaiser, S Lekies, M Johns Proceedings of the 22nd ACM SIGSAC conference on computer and communications …, 2015 | 63 | 2015 |
| The Unexpected Dangers of Dynamic {JavaScript} S Lekies, B Stock, M Wentzel, M Johns 24th USENIX Security Symposium (USENIX Security 15), 723-735, 2015 | 61 | 2015 |
| On the Fragility and Limitations of Current Browser-Provided Clickjacking Protection Schemes. S Lekies, M Heiderich, D Appelt, T Holz, M Johns WOOT 12, 2012 | 41 | 2012 |
| Lightweight integrity protection for web storage-driven content caching S Lekies, M Johns 6th Workshop on Web 2, 2012 | 39 | 2012 |
| Eradicating {DNS} Rebinding with the Extended Same-origin Policy M Johns, S Lekies, B Stock 22nd USENIX Security Symposium (USENIX Security 13), 621-636, 2013 | 32 | 2013 |
| BetterAuth: web authentication revisited M Johns, S Lekies, B Braun, B Flesch Proceedings of the 28th Annual Computer Security Applications Conference …, 2012 | 28 | 2012 |
| Secure client-side key storage for web applications S Lekies, M Johns US Patent 8,694,784, 2014 | 26 | 2014 |
| Web page integrity validation M Johns, S Lekies US Patent 9,432,383, 2016 | 23 | 2016 |
| Mutual authentication schemes S Lekies, M Johns US Patent 8,880,885, 2014 | 23 | 2014 |
| Cooperative static and dynamic analysis of web application code for finding security vulnerabilities M Johns, S Lekies, B Raethlein US Patent 9,805,203, 2017 | 22 | 2017 |
| The state of the cross-domain nation S Lekies, M Johns, W Tighzert Proceedings of the 5th Workshop on Web 2, 2011 | 20 | 2011 |
| A tale of the weaknesses of current client-side XSS filtering S Lekies, B Stock, M Johns BlackHat USA, 2014 | 15 | 2014 |
| Flexible and secure clickjacking protection mechanism S Lekies, M Johns US Patent 8,914,881, 2014 | 14 | 2014 |
| Demacro: Defense against malicious cross-domain requests S Lekies, N Nikiforakis, W Tighzert, F Piessens, M Johns Research in Attacks, Intrusions, and Defenses: 15th International Symposium …, 2012 | 13 | 2012 |
| Biting the hand that serves you: A closer look at client-side flash proxies for cross-domain requests M Johns, S Lekies International Conference on Detection of Intrusions and Malware, and …, 2011 | 13 | 2011 |
| Managing access to secured content M Johns, S Lekies US Patent 9,300,687, 2016 | 12 | 2016 |
Martin JohnsProfessor of Computer Science, TU BraunschweigGeverifieerd e-mailadres voor tu-braunschweig.de
