Martin Johns

Martin Johns

Contact Details

email martin johns
PGP: 2eb8 cf50 a0e2 5b6d 51ab d8ac 49be 5cef 9353 bba5

Tel: +49 40 42883 - 2654
Fax: +49 40 42883 - 2086

Office Address 

Universität Hamburg
Vogt-Kölln-Str. 30
D-22527 Hamburg
Room: F-605
[web]

Links

Interests

  • Additional interests:
    • Biometrics
    • PKI
    • Directory Services
Publications
  • Martin Johns: On JavaScript Malware and related threats - Web page based attacks revisited, in Journal in Computer Virology, Springer Paris, December 2007 (doi).
  • Martin Johns, Daniel Schreckling: Automatisierter Code-Audit - Sicherheitsanalyse von Source Code in Theorie und Praxis, in Datenschutz und Datensicherheit - DuD, Volume 31, Number 12, Vieweg Verlag, pp. 888-893, December 2007 (doi).
  • Martin Johns, Justus Winter: Protecting the Intranet Against "JavaScript Malware" and Related Attacks, in Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2007), B. M. Hämmerli and R. Sommer (ed.), Springer, LNCS 4579, pp. 40-59, July 2007 (paper).
  • Martin Johns: Towards Practical Prevention of Code Injection Vulnerabilities on the Programming Language Level, Technical Report, number 279-07, University of Hamburg, May 2007 (paper).
  • Martin Johns, Christian Beyerlein: SMask: Preventing Injection Attacks in Web Applications by Approximating Automatic Data/Code Separation, 22nd ACM Symposium on Applied Computing (SAC 2007), Security Track, Seoul, Korea, March 2007 (paper).
  • Daniel Schreckling, Martin Johns, SVS Sectoolers: CISAT: Integration von sicherheitszentrierter statischer Analyse in den Enwicklungsprozess, 14. DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, Germany, February 2007 (paper)
  • Martin Johns: SessionSafe: Implementing XSS Immune Session Handling in in European Symposium on Research in Computer Security (ESORICS 2006), Gollmann, D.; Meier, J. & Sabelfeld, A. (ed.), Springer, LNCS 4189, pp. 444-460, September 2006 (paper, slides, bibtex).
  • Martin Johns, Justus Winter: RequestRodeo: Client Side Protection against Session Riding in Proceedings of the OWASP Europe 2006 Conference by Piessens, F. (ed.), Report CW448, Departement Computerwetenschappen, Katholieke Universiteit Leuven, Belgium, May 2006 (paper, slides, bibtex).
Talks
  • "Scanstud - Evaluating static analysis tools" (with Moritz Jodeit, Wolfgang Koeppl, and Martin Wimmer), OWASP AppSec 2008, May 22nd, 2008, Ghent, Belgium
  • "The three faces of CSRF", talk at the DeepSec2007 conference, November 23th 2007, Vienna, Austria (slides)
  • "Exploiting the Intranet with a Webpage", talk at the HITBSecConf2007 conference, September 3-6 2007, Kuala Lumpur, Malaysia (to appear).
  • "Towards vulnerability prevention in web applications via data/code separation", talk at the Fraunhofer First Kolloqium, June 20th 2007, Berlin, Germany
  • "Cross Site Scripting (XSS) und Session Riding (CSRF): Angriffe auf Web-Session Management - Ursachen, Konsequenzen, Gegenmaßnahmen", talk at the IICO-Congress, May 9-11 2007, Berlin, Germany (to appear).
  • "CSRF, the Intranet and You" (with Justus Winter), talk at the 23C3, December 27-30 2006, Berlin, Germany (to appear).
  • "On CSRF and why you should care", talk at the PacSec 2006 conference, November 27-30 2006, Tokio, Japan (slides english/japanese).
  • "Using the same-origin policy to disarm XSS vulnerabilities", talk at ph-neutral 0x7d6, 27th May 2006, Berlin, Germany (slides)
  • "Softwaresicherheit - Eine Forschungsperspektive" (with Joachim Posegga), talk at the Frühjahrstreffen der GI-Fachgruppe Datenbanken, 06.04.2006
  • "Finding and Preventing Buffer Overflows - An overview of static and dynamic approaches", talk at the 22C3, 27.12.2005, Berlin, Germany (slides, video)

Professional Activities

Private