All your clouds are belong to us: security analysis of cloud management interfaces J Somorovsky, M Heiderich, M Jensen, J Schwenk, N Gruschka, ... Proceedings of the 3rd ACM workshop on Cloud computing security workshop, 3-14, 2011 | 241 | 2011 |
Scriptless attacks: stealing the pie without touching the sill M Heiderich, M Niemietz, F Schuster, T Holz, J Schwenk Proceedings of the 2012 ACM conference on Computer and communications …, 2012 | 134 | 2012 |
Systems and methods for client-side vulnerability scanning and detection M Heiderich, G Heyes, A Aranguren-Aznarez US Patent 8,752,183, 2014 | 97 | 2014 |
mxss attacks: Attacking well-secured web-applications by using innerhtml mutations M Heiderich, J Schwenk, T Frosch, J Magazinius, EZ Yang Proceedings of the 2013 ACM SIGSAC conference on Computer & communications …, 2013 | 85 | 2013 |
IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM M Heiderich, T Frosch, T Holz Recent Advances in Intrusion Detection: 14th International Symposium, RAID …, 2011 | 80 | 2011 |
On the Fragility and Limitations of Current Browser-Provided Clickjacking Protection Schemes. S Lekies, M Heiderich, D Appelt, T Holz, M Johns WOOT 12, 2012 | 44 | 2012 |
Crouching tiger-hidden payload: security risks of scalable vectors graphics M Heiderich, T Frosch, M Jensen, T Holz Proceedings of the 18th ACM conference on Computer and communications …, 2011 | 39 | 2011 |
Dompurify: Client-side protection against xss and markup injection M Heiderich, C Späth, J Schwenk Computer Security–ESORICS 2017: 22nd European Symposium on Research in …, 2017 | 37 | 2017 |
Towards elimination of xss attacks with a trusted and capability controlled dom M Heiderich | 30 | 2012 |
The bug that made me president a browser-and web-security case study on helios voting M Heiderich, T Frosch, M Niemietz, J Schwenk E-Voting and Identity: Third International Conference, VoteID 2011, Tallinn …, 2012 | 23 | 2012 |
Scriptless timing attacks on web browser privacy B Liang, W You, L Liu, W Shi, M Heiderich 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems …, 2014 | 22 | 2014 |
Web Application Obfuscation:’-/WAFs.. Evasion.. Filters M Heiderich, E Nava, G Heyes, D Lindsay alert (/obfuscation/)-’. Syngress, 2010 | 18 | 2010 |
Scriptless attacks: Stealing more pie without touching the sill M Heiderich, M Niemietz, F Schuster, T Holz, J Schwenk Journal of Computer Security 22 (4), 567-599, 2014 | 17 | 2014 |
Web Application Obfuscation:'-/WAFs.. evasion.. filters//alert (/obfuscation/)-' M Heiderich, EAV Nava, G Heyes, D Lindsay Elsevier, 2010 | 17 | 2010 |
Html5 security cheatsheet M Heiderich 2011-01-22)[2011-11-20]. http://html5sec. org, 2011 | 14 | 2011 |
XSS-FP: Browser fingerprinting using HTML parser quirks E Abgrall, YL Traon, M Monperrus, S Gombault, M Heiderich, A Ribault arXiv preprint arXiv:1211.4812, 2012 | 13 | 2012 |
How private is your private cloud? Security analysis of cloud control interfaces D Felsch, M Heiderich, F Schulz, J Schwenk Proceedings of the 2015 ACM Workshop on Cloud Computing Security Workshop, 5-16, 2015 | 6 | 2015 |
Waiting for csp–securing legacy web applications with jsagents M Heiderich, M Niemietz, J Schwenk Computer Security--ESORICS 2015: 20th European Symposium on Research in …, 2015 | 6 | 2015 |
X-frame-options: All about clickjacking F Braun, M Heiderich Sep, 2013 | 5 | 2013 |
All your clouds are belong to us J Somorovsky, M Heiderich, M Jensen, J Schwenk, N Gruschka, ... Proceedings of the 3rd ACM Cloud Computing Security Workshop, CCSW 2011 …, 2011 | 5 | 2011 |