Bastian Braun
Researcher at University of Passau
Publications - 13
Citations - 108
Bastian Braun is an academic researcher from University of Passau. The author has contributed to research in topics: Web application & Web application security. The author has an h-index of 5, co-authored 13 publications receiving 100 citations. Previous affiliations of Bastian Braun include University of Hamburg.
Papers
Proceedings ArticleDOI
Reliable protection against session fixation attacks
TL;DR: This work analyses the vulnerability pattern and identifies its root cause in the separation of concerns between the application logic, which is responsible for the authentication processes, and the framework support, which handles the task of session tracking.
Proceedings ArticleDOI
BetterAuth: web authentication revisited
TL;DR: BetterAuth addresses existing attacks on Web authentication, ranging from network attacks to Cross-site Request Forgery up to Phishing, and can be realized completely in standard JavaScript, allowing Web applications an early adoption, even in a situation with limited browser support.
Book ChapterDOI
Control-Flow integrity in web applications
TL;DR: The approach provides a control-flow monitor that is applicable to legacy as well as newly developed web applications, gives guarantees to the web application concerning the sequence of incoming requests and carried parameters, and induces a negligible overhead.
Session Fixation - The Forgotten Vulnerability?
TL;DR: This work analyses the root causes of Session Fixation, documents existing attack vectors, and presents a transparent server-side method for mitigating vulnerabilities.
Proceedings ArticleDOI
PhishSafe: leveraging modern JavaScript API's for transparent and robust protection
TL;DR: It is shown how modern JavaScript API's can be utilized to build PhishSafe, a robust authentication scheme, that is immune against phishing attacks, easily deployable using the current browser generation, and requires little change in the end-user's interaction with the application.