B. Braun, K. Pauli, J. Posegga and M. Johns, "LogSec: Adaptive Protection for the Wild Wild Web" in the 2015 ACM Symposium on Applied Computing (SAC 2015) - to appear, 2015.
B. Braun, J. Köstler, J. Posegga and M. Johns, "A Trusted UI for the Mobile Web" in 29th IFIP International Information Security and Privacy Conference (IFIP SEC 2014), 2014.
DOI: http://dx.doi.org/10.1007/978-3-642-55415-5_11
File: http://web.sec.uni-passau.de/papers/2014_Braun_Koestler_Posegga_Johns-Trusted-UI-Mobile-Web.pdf
B. Braun, J. Köstler, M. Johns and J. Posegga, "PhishSafe: Leveraging Modern JavaScript API's for Transparent and Robust Protection" in Fourth ACM Conference on Data and Application Security and Privacy (ACM CODASPY 2014), 2014.
B. Braun, S. Kucher, M. Johns and J. Posegga, "A User-Level Authentication Scheme to Mitigate Web Session-Based Vulnerabilities" in Trust, Privacy and Security in Digital Business (TrustBus '12), Lecture Notes in Computer Science (LNCS), Springer, 2012. pp. 17-29.
DOI: http://dx.doi.org/10.1007/978-3-642-32287-7_2
ISBN: 978-3-642-32286-0
File: http://web.sec.uni-passau.de/papers/2012_Braun_Kucher_Johns_Posegga_SessionImagination.pdf
M. Johns, S. Lekies, B. Braun and B. Flesch, "BetterAuth: Web Authentication Revisited" in Proceedings of the 2012 Annual Computer Security Applications Conference (ACSAC 2012), 2012.
DOI: http://www.acsac.org/2012/openconf/modules/request.php?module=oc_program&action=summary.php&id=92
File: http://web.sec.uni-passau.de/papers/2012_Johns_Lekies_Braun_Flesch-BetterAuth.pdf
M. Johns, B. Braun, M. Schrank and J. Posegga, "Reliable Protection Against Session Fixation Attacks" in Proceedings of the 2011 ACM Symposium on Applied Computing (SAC 2011), TaiChung, Taiwan: ACM, 2011. pp. 1531-1537.
DOI: http://doi.acm.org/10.1145/1982185.1982511
ISBN: 978-1-4503-0113-8
File: http://web.sec.uni-passau.de/papers/2011_Johns_Braun_Schrank_Posegga_SAC2011_SessionFixation.pdf
M. Johns, C. Beyerlein, R. Giesecke and J. Posegga, "Secure Code Generation for Web Applications" in Proceedings of 2nd International Symposium on Engineering Secure Software and Systems (ESSoS 2010), Pisa, Italy, February 3-4, 2010, Springer, 2010. pp. 96-113.
DOI: http://dx.doi.org/10.1007/978-3-642-11747-3_8
ISBN: 978-3-642-11746-6
M. Schrank, B. Braun, M. Johns and J. Posegga, "Session Fixation - the Forgotten Vulnerability?" in Sicherheit 2010: Sicherheit, Schutz und Zuverlässigkeit, Lecture Notes in Informatics (LNI), Springer, 2010. pp. 341-352.
DOI: http://subs.emis.de/LNI/Proceedings/Proceedings170/article5744.html
ISBN: 978-3-88579-264-2
M. Johns, "Code Injection Vulnerabilities in Web Applications - Exemplified at Cross-site Scripting", University of Passau, 2009.
M. Johns, B. Engelmann and J. Posegga, "XSSDS: Server-Side Detection of Cross-Site Scripting Attacks" in ACSAC '08: Proceedings of the 2008 Annual Computer Security Applications Conference, Washington, DC, USA: IEEE Computer Society, 2008. pp. 335-344.
DOI: http://dx.doi.org/10.1109/ACSAC.2008.36
ISBN: 978-0-7695-3447-3
M. Johns and D. Schreckling, "Automatisierter Code-Audit - Sicherheitsanalyse von Source Code in Theorie und Praxis", Datenschutz und Datensicherheit - DuD, vol. 31, no. 12, pp. 888-893, 2007.
D. Schreckling and M. Johns, "CISAT: Integration von sicherheitszentrierter statischer Analyse in den Entwicklungsprozess" in 14. DFN-CERT Workshop Sicherheit in vernetzten Systemen, Hamburg, Germany, 2007.
File: http://web.sec.uni-passau.de/papers/2007_schreckling_johns_dfn_cert.pdf
M. Johns, "On JavaScript Malware and related threats - Web page based attacks revisited", Journal in Computer Virology, Springer Paris, vol. 4, no. 3, pp. 161-178, 2007.
DOI: http://dx.doi.org/10.1007/s11416-007-0076-7
File: http://databasement.net/docs/johns2007c_virus_journal_paper.pdf
M. Johns and J. Winter, "Protecting the Intranet Against 'JavaScript Malware' and Related Attacks" in Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2007), Bernhard M. Haemmerli, Robin Sommer, Eds. Springer, 2007. pp. 40-59.
File: http://databasement.net/docs/2007_DIMVA_Johns_Winter_Anti_JS_Malware_lncs.pdf
M. Johns and C. Beyerlein, "SMask: Preventing Injection Attacks in Web Applications by Approximating Automatic Data/Code Separation" in 22nd ACM Symposium on Applied Computing (SAC 2007), Security Track, ACM, 2007. pp. 284-291.
DOI: http://doi.acm.org/10.1145/1244002.1244071
File: http://databasement.net/docs/2006-ACM-SAC-string-masq_final.pdf
M. Johns, "Towards Practical Prevention of Code Injection Vulnerabilities on the Programming Language Level", 2007.
File: http://databasement.net/docs/2007-MJ-TechReport_279.pdf
M. Johns and J. Winter, "RequestRodeo: Client Side Protection against Session Riding" in Proceedings of the OWASP Europe 2006 Conference, refereed papers track, Report CW448, Frank Piessens, Eds. Departement Computerwetenschappen, Katholieke Universiteit Leuven, 2006. pp. 5-17.
File: http://databasement.net/docs/2006_owasp_RequestRodeo.pdf
M. Johns, "SessionSafe: Implementing XSS Immune Session Handling" in European Symposium on Research in Computer Security (ESORICS 2006), Dieter Gollmann and Jan Meier and Andrei Sabelfeld, Eds. Springer, 2006. pp. 444-460.