23C3 - 1.5
23rd Chaos Communication Congress
Who can you trust?
| Events |
|---|
| CSRF, the Intranet and You |
Martin Johns
Web-Security researcher at the University of Hamburg.
Martin Johns studied Mathematics and Computer Science at the Universities of Göttingen, Santa Cruz (CA) and Hamburg, where he received his diploma in 2003. During the 1990s and the early years of the new millennium he earned his living as a software engineer in German companies (including Infoseek Germany, TC Trustcenter and SAP). In 2005 he joined the "security in distributed systems" group at the University of Hamburg to work on the project "Secologic", which is investigating the state of the art in software security. Furthermore, he is NerdNr1 of the radio show NerdAlert (http://www.nerdalert.de) in Hamburg.
Recent publications and talks:
- "SessionSafe: Implementing XSS Immune Session Handling" in Proceedings of ESORICS 2006 by Gollmann, D. & Sabelfeld, A. (ed.), September 2006, Hamburg, Germany
- "RequestRodeo: Client Side Protection against Session Riding" (with Justus Winter) in Proceedings of the OWASP Europe 2006 Conference by Piessens, F. (ed.), Report CW448, Departement Computerwetenschappen, Katholieke Universiteit Leuven, Belgium, May 2006
- "Using the same-origin policy to disarm XSS vulnerabilities", talk at ph-neutral 0x7d6, 27th May 2006, Berlin, Germany
- "Finding and Preventing Buffer Overflows - An overview of static and dynamic approaches", talk at the 22C3, 27th December 2005, Berlin, Germany
Contact
johns at informatik dot uni-hamburg dot de