Hackmanit organizes the non-profit IT security conference RuhrSec. RuhrSec is held annually at Ruhr University Bochum and is internationally known. In addition, its employees regularly give international talks and training courses (in Europe, Asia and North America, among others) and have contributed to the identification of numerous well-known vulnerabilities.
RuhrSec
RuhrSec is the IT security conference at Ruhr University Bochum, in the immediate vicinity of the Ruhr. Since Hackmanit created the conference in 2016, it has established itself as a unique international conference in the heart of the Ruhr area and enjoys steadily growing popularity. Starting with more than 150 attendees in 2016, attendance rose to 185 in 2017. At the third edition in 2018, the conference sold out with 216 attendees. The high-profile speakers are known for their expertise and come from both industry and academia.
Internet Standards
- RFC 9207: OAuth 2.0 Authorization Server Issuer Identification. Karsten Meyer zu Selhausen and Daniel Fett, Internet Engineering Task Force, 2022 (RFC)
Public Penetration Tests & Expert Reports
Please note that all documents were published at the explicit request of the clients.
- Source Code Analysis and Penetration Test Report: SURF – Java SAML IdP Library "openconext-saml-java"; Karsten Meyer zu Selhausen, Juraj Somorovsky (PDF)
- Penetration Test Report: WAYF Identity Provider (SAML and OpenID Connect); Karsten Meyer zu Selhausen, Maximilian Hildebrand, Sebastian Krause, Juraj Somorovsky (PDF)
- Interoperability between Messaging Services: Secure Implementation of Encryption; Bundesnetzagentur, Hackmanit GmbH (Jörg Schwenk, Paul Rösler) (Link, PDF)
- Open Penetration Test Report: KeeWeb; Marcus Niemietz, Karsten Meyer zu Selhausen, Christian Mainka, Juraj Somorovsky (PDF)
- Penetration Test Report: DENIC ID Relying Party - Member Login; Juraj Somorovsky, Karsten Meyer zu Selhausen, Mario Korth, Vladislav Mladenov, Christian Mainka (PDF)
- Penetration Test Report: DENIC ID; Juraj Somorovsky, Karsten Meyer zu Selhausen, Vladislav Mladenov, Mario Korth (PDF)
- Sichere Implementierung einer allgemeinen Kryptobibliothek; Bundesamt für Sicherheit in der Informationstechnik, Rohde & Schwarz Cybersecurity (Daniel Neus, Kai Michaelis, René Korthaus, Philipp Weber), Hackmanit GmbH (Christian Mainka, Matthias Gierlings, Jörg Schwenk, Juraj Somorovsky, Tobias Niemann) (PDF)
- Quellcode-basierte Untersuchung von kryptographisch relevanten Aspekten der OpenSSL-Bibliothek; Bundesamt für Sicherheit in der Informationstechnik, Rohde & Schwarz Cybersecurity (Wolfgang Meyer zu Bergsten, René Korthaus), Hackmanit GmbH (Juraj Somorovsky, Christian Mainka, Jörg Schwenk) (Link)
Scientific Publications
- Distinguished Paper Award Winner and Distinguished Artifact Award Winner – Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation; Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk, Ruhr University Bochum – 33rd USENIX Security Symposium (Link / PDF)
- Security Analysis of BigBlueButton and eduMEET; N. Heitmann, H. Siewert, S. Moog, J. Somorovsky, in: Applied Cryptography and Network Security (Springer PDF)
- Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling; P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies (PDF)
- SoK: SSO-MONITOR — The Current State and Future Research Directions in Single Sign-On Security Measurements; Louis Jannett, Maximilian Westers, Tobias Wich, Christian Mainka, Andreas Mayer, and Vladislav Mladenov - In European Symposium on Security and Privacy (Euro S&P), Vienna, Austria (Link / PDF)
- Finding All Cross-Site Needles in the DOM Stack: A Comprehensive Methodology for the Automatic XS-Leak Detection in Web Browsers; Dominik Noß, Lukas Knittel, Christian Mainka, Marcus Niemietz, Jörg Schwenk - 28th ACM Conference on Computer and Communications Security (CCS)
- Every Signature Is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures; Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, Jörg Schwenk - 32nd USENIX Security Symposium (PDF)
- We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets; Sven Niclas Hebrok, Simon Nachtigall, Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky, Jörg Schwenk - 32nd USENIX Security Symposium, 2023. (PDF)
- Financial-grade API (FAPI) – PSD2-konforme Absicherung von APIs im Finanzsektor; Johanna Schenkel, Christian Mainka - Datenschutz und Datensicherheit (DuD, Volume 47, 2023) (Link)
- On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers; Hendrik Siewert, Martin Kretschmer, Marcus Niemietz, Juraj Somorovsky - 2022 IEEE Security and Privacy Workshops (SPW) (Link)
- "I don't know why I check this..." - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks; Peter Mayer, Damian Poddebniak, Konstantin Fischer, Marcus Brinkmann, Juraj Somorovsky, Angela Sasse, Sebastian Schinzel, Melanie Volkamer - 18th Symposium on Usable Privacy and Security (SOUPS 2022) (PDF)
- DISTINCT: Identity Theft using In-Browser Communications in Dual-Window Single Sign-On; Louis Jannett, Vladislav Mladenov, Christian Mainka, Jörg Schwenk - 29th ACM Conference on Computer and Communications Security (CCS) (PDF)
- TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries; Marcel Maehren, Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky, Jörg Schwenk - 31st USENIX Security Symposium (PDF)
- Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures; Simon Rohlmann, Christian Mainka, Vladislav Mladenov, Jörg Schwenk - 31st USENIX Security Symposium (PDF)
- XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers; Lukas Knittel, Christian Mainka, Marcus Niemietz, Dominik Trevor Noß, Jörg Schwenk - 28th ACM Conference on Computer and Communications Security (CCS) (PDF)
- ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication; Marcus Brinkmann, Christian Dresen, Robert Merget, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Jörg Schwenk, Sebastian Schinzel - 30th USENIX Security Symposium (PDF)
- Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E); Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, Jörg Schwenk - 30th USENIX Security Symposium (PDF)
- Processing Dangerous Paths - On Security and Privacy of the Portable Document Format; Jens Müller, Dominik Noß, Christian Mainka, Vladislav Mladenov, Jörg Schwenk - 28th Network and Distributed System Security Symposium (NDSS 2021) (PDF)
- Shadow Attacks: Hiding and Replacing Content in Signed PDFs; Christian Mainka, Vladislav Mladenov, Simon Rohlmann - 28th Network and Distributed System Security Symposium (NDSS 2021) (PDF)
- Over 100 Bugs in a Row: Security Analysis of the Top-Rated Joomla Extensions; Marcus Niemietz, Mario Korth, Christian Mainka, Juraj Somorovsky - arXiv:2102.03131 (PDF)
- Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!; Jan Peter Drees, Pritha Gupta, Eyke Hüllermeier, Tibor Jager, Alexander Konze, Claudia Priesterjahn, Arunselvan Ramaswamy, Juraj Somorovsky - 14th ACM Workshop on Artificial Intelligence and Security (PDF)
- Mitigation of Attacks on Email End-to-End Encryption; Jörg Schwenk, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Sebastian Schinzel - 27th ACM Conference on Computer and Communications Security (CCS) (PDF)
- Analysis of DTLS Implementations Using Protocol State Fuzzing; Paul Fiterau Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, Juraj Somorovsky - 29th USENIX Security Symposium (PDF)
- Office Document Security and Privacy; Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk - 14th USENIX Workshop on Offensive Technologies (WOOT 2020) (PDF)
- Vulnerability Report: Attacks bypassing the signature validation in PDF (Shadow Attacks); Christian Mainka, Vladislav Mladenov, Simon Rohlmann, Jörg Schwenk (PDF)
- Practical Decryption exFiltration: Breaking PDF Encryption; Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk - 26th ACM Conference on Computer and Communications Security (CCS) (PDF)
- 1 Trillion Dollar Refund – How To Spoof PDF Signatures; Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk - 26th ACM Conference on Computer and Communications Security (CCS) (PDF)
- "Johnny, you are fired!" – Spoofing OpenPGP and S/MIME Signatures in Emails; Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, Jörg Schwenk - 28th USENIX Security Symposium (PDF)
- Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities; Robert Merget, Juraj Somorovsky, Nimrod Aviram, Craig Young, Janis Fliegenschmidt, Jörg Schwenk, Yuval Shavitt - 28th USENIX Security Symposium (PDF)
- Sicherheitsanalyse von eID/eIDAS-Diensten; Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, Jörg Schwenk - 16. Deutscher IT-Sicherheitskongress
- Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS); Nils Engelbertz, Vladislav Mladenov, Juraj Somorovsky, Nurullah Erinola, David Herring, Jörg Schwenk - Lecture Notes in Informatics (LNI), Gesellschaft für Informatik (PDF)
- Prime and Prejudice: Primality Testing Under Adversarial Conditions; Martin R. Albrecht, Jake Massimo, Kenneth G. Paterson, Juraj Somorovsky - 25th ACM Conference on Computer and Communications Security (CCS) (PDF)
- Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels; Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk - 27th USENIX Security Symposium (PDF)
- Return Of Bleichenbacher’s Oracle Threat (ROBOT); Hanno Böck, Juraj Somorovsky, Craig Young - 27th USENIX Security Symposium (PDF)
- Security Analysis of eIDAS – The Cross-Country Authentication Scheme in Europe; Nils Engelbertz, Nurullah Erinola, David Herring, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk - 12th USENIX Workshop on Offensive Technologies (WOOT '18) (PDF)
- Attacking Deterministic Signature Schemes using Fault Attacks; Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, Paul Rösler - IEEE European Symposium on Security and Privacy, EuroS&P 2018 (PDF)
- More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema; Paul Rösler, Christian Mainka, Jörg Schwenk - IEEE European Symposium on Security and Privacy, EuroS&P 2018 (PDF)
- SoK: Exploiting Network Printers; Jens Müller, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk - 38th IEEE Symposium on Security and Privacy (S&P 2017) (PDF)
- Breaking and Fixing Gridcoin; Martin Grothe, Tobias Niemann, Juraj Somorovsky, Jörg Schwenk - 11th USENIX Workshop on Offensive Technologies (WOOT '17) (PDF)
- On The (In-)Security Of JavaScript Object Signing And Encryption; Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk - ROOTS, November 16–17, 2017, Vienna, Austria (PDF)
- Same-Origin Policy: Evaluation in Modern Browsers; Jörg Schwenk, Marcus Niemietz, Christian Mainka - 26th USENIX Security Symposium (PDF)
- SECRET: On the Feasibility of a Secure, Efficient, and Collaborative RealTime Web Editor; Dennis Felsch, Christian Mainka, Vladislav Mladenov, Jörg Schwenk - ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017 (PDF)
- SoK: Single Sign-On Security – An Evaluation of OpenID Connect; Christian Mainka, Vladislav Mladenov, Tobias Wich, Jörg Schwenk - IEEE European Symposium on Security and Privacy (EuroS&P 2017) (PDF)
- Out of the Dark: UI Redressing and Trustworthy Events; Marcus Niemietz, Jörg Schwenk - 16th International Conference on Cryptology And Network Security (CANS 2017) (PDF)
- DROWN: Breaking TLS using SSLv2; Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, Yuval Shavitt - 25th USENIX Security Symposium (PDF)
- Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS; Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic - WOOT 2016 (PDF)
- Systematic Fuzzing and Testing of TLS Libraries; Juraj Somorovsky - 23rd ACM Conference on Computer and Communications Security (CCS) (PDF)
- SoK: XML Parser Vulnerabilities; Christopher Späth, Christian Mainka, Vladislav Mladenov, Jörg Schwenk - 10th USENIX Workshop on Offensive Technologies (WOOT '16) (PDF)
- How to Break Microsoft Rights Management Services; Martin Grothe, Christian Mainka, Paul Rösler, Jörg Schwenk - 10th USENIX Workshop on Offensive Technologies (WOOT '16) (PDF)
- Your Cloud in my Company: Modern Rights Management Services Revisited; Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, Jörg Schwenk - 11th International Conference on Availability, Reliability and Security (ARES 2016) (PDF)
- Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On; Christian Mainka, Vladislav Mladenov, Jörg Schwenk - IEEE European Symposium on Security and Privacy (EuroS&P 2016) (PDF)
- How Secure is TextSecure?; Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz - IEEE European Symposium on Security and Privacy (EuroS&P 2016) (PDF)
- Attacks on OpenID Connect; Vladislav Mladenov, Christian Mainka (PDF)
- AdIDoS - Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services; Christian Altmeier, Christian Mainka, Juraj Somorovsky, Jörg Schwenk - International Workshop on Quantitative Aspects of Security Assurance (QASA), Vienna, Austria, 2015 (PDF)
- On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption; Tibor Jager, Jörg Schwenk, Juraj Somorovsky - 22nd ACM Conference on Computer and Communications Security (CCS) (PDF)
- Practical Invalid Curve Attacks on TLS-ECDH; Tibor Jager, Jörg Schwenk, Juraj Somorovsky - ESORICS 2015 (PDF)
- Not so Smart: On Smart TV Apps; Marcus Niemietz, Juraj Somorovsky, Christian Mainka, Jörg Schwenk - International Workshop on Secure Internet of Things (SIoT 2015, Vienna, Austria) (PDF)
- How to Break XML Encryption - Automatically; Dennis Kupser, Christian Mainka, Jörg Schwenk, Juraj Somorovsky - 9th USENIX Workshop on Offensive Technologies (WOOT), 2015 (PDF)
- Automatic Recognition, Processing and Attacking of Single Sign-On Protocols with Burp Suite; Christian Mainka, Vladislav Mladenov, Tim Guenther, Jörg Schwenk - Open Identity Summit 2015 (PDF)
- Waiting for CSP — Securing Legacy Web Applications with JSAgents; Mario Heiderich, Marcus Niemietz, Jörg Schwenk - ESORICS 2015, 20th European Symposium on Research in Computer Security (Info)
- Owning Your Home Network: Router Security Revisited; Marcus Niemietz, Jörg Schwenk - W2SP 2015: Web 2.0 Security & Privacy 2015 (San Jose, California) (PDF)
- Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks; Christopher Meyer, Juraj Somorovsky, Jörg Schwenk, Eugen Weiss, Sebastian Schinzel, Erik Tews - 23rd USENIX Security Symposium (PDF)
- Your Software at my Service; Vladislav Mladenov, Christian Mainka, Florian Feldmann, Julian Krautwald, Jörg Schwenk - ACM CCSW 2014 in conjunction with the ACM Conference on Computer and Communications Security (CCS) November 7, 2014, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA. (PDF)
- How Secure is TextSecure?; Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz - Cryptology ePrint Archive, Report 2014/904, 31 Oct 2014 (PDF)
- Guardians of the Clouds: When Identity Providers Fail; Andreas Mayer, Marcus Niemietz, Vladislav Mladenov, Jörg Schwenk - ACM CCSW 2014 in conjunction with the ACM Conference on Computer and Communications Security (CCS) November 7, 2014, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA. (PDF)
- Scriptless attacks: Stealing more pie without touching the sill; Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk - Journal of Computer Security, Volume 22, Number 4 / 2014, Web Application Security – Web @ 25.
- One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography; Tibor Jager, Kenneth G. Paterson, Juraj Somorovsky - Network and Distributed System Security Symposium (NDSS), 2013 (PDF)
- On the Insecurity of XML Security; Juraj Somorovsky - PhD Thesis Supervisors: Jörg Schwenk, Kenneth G. Paterson (PDF)
- A new Approach towards DoS Penetration Testing on Web Services; Andreas Falkenberg, Christian Mainka, Juraj Somorovsky, Jörg Schwenk - IEEE 20th International Conference on Web Services (IEEE ICWS 2013) (PDF)
- Penetration Test Tool for XML-based Web Services; Christian Mainka, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk - International Symposium on Engineering Secure Software and Systems 2013 (PDF)
- A new approach for WS-Policy Intersection using Partial Ordered Sets; Abeer Elsafie, Christian Mainka, Jörg Schwenk - 5th Central European Workshop on Services and their Composition, ZEUS 2013 February 21-22, 2013, Rostock, Germany (PDF)
- UI Redressing Attacks on Android Devices; Marcus Niemietz, Jörg Schwenk - Black Hat Abu Dhabi 2012.
- Scriptless Attacks – Stealing the Pie Without Touching the Sill; Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk - 19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012 (PDF)
- Penetration Testing Tool for Web Services Security; Christian Mainka, Juraj Somorovsky, Jörg Schwenk - In Proceeding of the IEEE 2012 Services Workshop on Security and Privacy Engineering (SPE2012) (PDF)
- XSpRES: Robust and Effective XML Signatures for Web Services; Christian Mainka, Meiko Jensen, Luigi Lo Iacono, Jörg Schwenk - 2nd International Conference on Cloud Computing and Services Science (CLOSER), 2012 (PDF)
- XSpRES: XML-Signaturen, aber sicher!; Christian Mainka, Holger Junker, Luigi Lo Iacono, Jörg Schwenk - DuD - Datenschutz und Datensicherheit, Issue 04/2012.
- On Breaking SAML: Be Whoever You Want to Be; Juraj Somorovsky, Andreas Mayer, Jörg Schwenk, Marco Kampmann, Meiko Jensen - 21st USENIX Security Symposium, 2012 (PDF)
- Technical Analysis of Countermeasures against Attack on XML Encryption - or - Just Another Motivation for Authenticated Encryption; Juraj Somorovsky, Jörg Schwenk - SERVICES Workshop on Security and Privacy Engineering, 2012 (PDF)
- Bleichenbacher’s Attack Strikes Again: Breaking PKCS#1 v1.5 in XML Encryption; Tibor Jager, Sebastian Schinzel, Juraj Somorovsky - 17th European Symposium on Research in Computer Security (ESORICS), 2012, Full Version (PDF)
- Sec2: Secure Mobile Solution for Distributed Public Cloud Storages; Juraj Somorovsky, Christopher Meyer, Thang Tran, Mohamad Sbeiti, Jörg Schwenk, Christian Wietfeld - 2nd International Conference on Cloud Computing and Services Science (CLOSER), 2012 (PDF)
- On the Effectiveness of XML Schema Validation for Countering XML Signature Wrapping Attacks; Meiko Jensen, Christopher Meyer, Juraj Somorovsky, Jörg Schwenk - In IWSSC 2011: First International Workshop on Securing Services on the Cloud, Sept. 2011 (PDF)
- All Your Clouds are Belong to us – Security Analysis of Cloud Management Interfaces; Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono - ACM Cloud Computing Security Workshop (CCSW), 2011. (PDF)
- How To Break XML Encryption; Tibor Jager, Juraj Somorovsky - 18th ACM Conference on Computer and Communications Security (CCS), 2011. (PDF)
- Sec2 – Ein mobiles Nutzerkontrolliertes Sicherheitskonzept für Cloud-Storage; Christopher Meyer, Juraj Somorovsky, Jörg Schwenk, Benedikt Driessen, Thang Tran, Christian Wietfeld - DACH Security 2011, Oldenburg, Germany (PDF)
- The Bug that made me President: A Browser- and WebSecurity Case Study on Helios Voting; Mario Heiderich, Tilman Frosch, Marcus Niemietz, Jörg Schwenk - International Conference on Evoting and Identity (VoteID), 2011, Tallinn, Estonia, September 2011.
- The Power of Recognition: Secure Single Sign-On using TLS Channel Bindings; Jörg Schwenk, Florian Kohlar, Marcus Amon - Seventh ACM Workshop on Digital Identity Management (DIM) (October 21, 2011, Chicago, IL, USA. Collocated with ACM CCS 2011) Copyright 2011 ACM 978-1-4503-1006-2/11/10.
- Streaming-Based Verification of XML Signatures in SOAP Messages; Juraj Somorovsky, Meiko Jensen, Jörg Schwenk - IEEE International Workshop on Web Service and Business Process Security (WSBPS), Miami, Florida, U.S.A., 2010.
- Towards an Anonymous Access Control and Accountability Scheme for Cloud Computing; Jörg Schwenk, Sven Schäge, Meiko Jensen - 3rd IEEE International Conference on Cloud Computing (IEEE CLOUD 2010), Miami, FL, USA. (Info)
- A CDH-Based Ring Signature Scheme with Short Signatures and Public Keys; Jörg Schwenk, Sven Schäge - Financial Cryptography Fourteenth International Conference, FC 2010, Tenerife, Spain, January 25-28, 2010. (Info)
- Secure Bindings of SAML Assertions to TLS Sessions; Jörg Schwenk, Sebastian Gajek, Meiko Jensen, Florian Kohlar - Proceedings of the Fifth International Conference on Availability, Reliability and Security (ARES), Krakow, Poland.
- Analysis of Signature Wrapping Attacks and Countermeasures; Jörg Schwenk, Sebastian Gajek, Lijun Liao, Meiko Jensen - Proceedings of the 7th IEEE International Conference on Web Services (ICWS), Los Angeles, USA, 2009.
- Extending the Similarity-Based XML Multicast Approach with Digital Signatures; Jörg Schwenk, Meiko Jensen, Antonia Azzini, Stefania Marrara - Proceedings of the ACM Workshop on Secure Web Services (SWS), Chicago, Illinois, U.S.A.
- Group Key Agreement for Wireless Mesh Networks; Jörg Schwenk, Andreas Noack - The 5th LCN Workshop on Security in Communications Networks (SICK 2009) Zürich, Switzerland; 20-23 October 2009.
- On Technical Security Issues in Cloud Computing; Jörg Schwenk, Meiko Jensen, Nils Gruschka, Luigi Lo Iacono - Proceedings of the IEEE International Conference on Cloud Computing (CLOUD-II 2009), Bangalore, India.
- The Accountability Problem of Flooding Attacks in Service-Oriented Architectures; Jörg Schwenk, Meiko Jensen - Proceedings of the IEEE International Conference on Availability, Reliability, and Security (ARES)
- The Curse of Namespaces in the Domain of XML Signature; Jörg Schwenk, Lijun Liao, Meiko Jensen - Proceedings of the ACM Workshop on Secure Web Services (SWS), Chicago, Illinois, U.S.A.
- A novel solution for end-to-end integrity protection in signed PGP mail; Jörg Schwenk, Lijun Liao - ICICS 2008, Birmingham, UK.
- Code Voting with Linkable Group Signatures; Jörg Schwenk, Sven Schäge, Jörg Helbach - 3rd International Conference, Coorganized by Council of Europe, Gesellschaft für Informatik and E-Voting.CC, August 6th-9th, 2008 in Castle Hofen, Bregenz, Austria 2008. In LNI, 2008.
- Modeling and Transformation of Security Requirements: An Approach for Serviceoriented Architectures; Jörg Schwenk, Meiko Jensen, Ralph Herkenhöner, Sven Feja, Hermann de Meer, Andreas Speck - Proceedings of the First Euro-NF Workshop on Future Internet Architecture: New Trends in Service & Networking Architectures, 21. November 2008, Paris, France.
- Provably Secure Browser-Based User-Aware Mutual Authentication over TLS; Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis - Accepted for ASIACCS'08.
- Securing Email Communication with XML Technology; Jörg Schwenk, Lijun Liao, Mark Manulis - "Handbook of Research on Information Security and Assurance", to be published in August 2008 by Information Science Reference.
- Stronger TLS Bindings for SAML Assertions and SAML Artifacts; Jörg Schwenk, Sebastian Gajek, Lijun Liao - ACM CCS Workshop for Secure Web Services (ACM SWS'08), Virginia (USA), 2008.
- TLS Federation - a Secure and Relying-Party-Friendly Approach for Federated Identity Management; Jörg Schwenk - This paper describes a novel approach that integrates Federated IDM and SSL.
- Universally Composable Security Analysis of TLS; Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis, Olivier Pereira - Accepted for the Second Conference on Provable Security (ProvSec), 2008.
- Trusted User-Aware Web Authentication; Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Marcel Winandy - Presented at the Workshop on Trustworthy User Interfaces for Passwords and Personal Information (TIPPI'07), Stanford, USA, June 22, 2007.
- Aktuelle Gefahren im Onlinebanking-Technische und Juristische Hintergründe; Jörg Schwenk, Georg Borges, Sebastian Gajek, Christoph Wegener, Isabelle Biallaß, Julia Meyer, Dennis Werner - 10th German IT Security Congress, Federal Office for Information Security, Bonn (Germany), 2007.
- Breaking and Fixing the Inline Approach; Jörg Schwenk, Sebastian Gajek, Lijun Liao - ACM CCS Workshop for Secure Web Services (ACM SWS'07), Alexandria (USA), 2007.
- Browser Models for Usable Authentication Protocols; Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis - IEEE Security and Privacy Workshop on Web 2.0 Security and Privacy (W2SP'07), Oakland (USA), 2007.
- Browser-based Authentication Protocols for Naive Users; Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis - accepted for presentation at the Western European Workshop on Research in Cryptology (WEWoRC 2007), Bochum (Germany), 2007.
- End-to-End Header Protection in S/MIME and PGP Mail; Jörg Schwenk, Lijun Liao - Postersession in the 10th German IT Security Congress, Federal Office for Information Security, Bonn (Germany), 2007.
- End-to-End Header Protection in Signed S/MIME; Jörg Schwenk, Lijun Liao - 2nd International Symposium on Information Security (IS'07), Nov 26-27, 2007 in Vilamoura, Algarve, Portugal.
- On Security Models and Compilers for Group Key Exchange Protocols; Jörg Schwenk, Mark Manulis, Emmanuel Bresson - 2nd International Workshop on Security (IWSEC 2007), Nara (Japan), 2007.
- Provably Secure Framework for Information Aggregation in Sensor Networks; Jörg Schwenk, Mark Manulis - International Conference on Computational Science and Its Applications (ICCSA 2007), Kuala Lumpur (Malaysia), 2007.
- Secure Emails in XML Format Using Web Services; Jörg Schwenk, Lijun Liao - 5th IEEE European Conference on Web Services (ECOWS 07), November 26-28, 2007 in Halle (Saale), Germany.
- Secure Internet Voting With Code Sheets; Jörg Schwenk, Jörg Helbach - FIDIS First Conference on E-Voting and Identity. Bochum (Germany), 4-5 October 2007.
- Securing Email Communication with XML Technology; Jörg Schwenk, Lijun Liao - The 2007 International Conference on Internet Computing (ICOMP 2007), 25-28 June 2007, Las Vegas, USA.
- Signieren mit Chipkartensystemen in unsicheren Umgebungen - Homebanking mit Secure HBCI/FinTS; Jörg Schwenk, Sebastian Gajek, Lijun Liao - In Datenschutz und Datensicherheit, Issue 2007/11
- SSL-over-SOAP: Towards a Token-based Key Establishment Framework for Web Services; Jörg Schwenk, Sebastian Gajek, Lijun Liao - IEEE ECOWS Workshop on Emerging Web Services Technology (WEWST'07), Halle (Germany), 2007
- Towards a Formal Semantic of XML Signature; Jörg Schwenk, Sebastian Gajek, Lijun Liao - W3C Workshop Next Steps for XML Signature and XML Encryption, Mountain View (USA), 2007.
- Trustworthy Signing with Smart Card System in Untrustworthy Environments; Jörg Schwenk, Sebastian Gajek, Lijun Liao - e-Smart conference and demos 2007, 19-21 September 2007, Sophia Antipolis, French Riviera.
- Using Two-Steps Hash Function to Support Trustworthy Signing; Jörg Schwenk, Sebastian Gajek, Lijun Liao - Western European Workshop on Research in Cryptology (WEWoRC 2007), Bochum (Germany), 2007.
- A Case Study on Online-Banking Security; Jörg Schwenk, Sebastian Gajek, Henrik te Heesen - International Conference on Emerging Trends in Information and Communication Security (ETRICS'06) Workshop on Security and Privacy in Future Business Services, Freiburg (Germany), 2006.
- Linkable Democratic Group Signatures; Jörg Schwenk, Ahmad-Reza Sadeghi, Mark Manulis - Accepted for 2nd Information Security Practice and Experience Conference (ISPEC 2006), 11.-14. April, Hangzhou, China.
- Reversed Responsibilities: Browser Authentication instead of Server Authentication; Jörg Schwenk, Sebastian Gajek - Workshop on Transparency and Usability of Web Authentication, New York (USA), 2006.
- SSL-VA-Authentifizierung als Schutz vor Phishing und Pharming; Jörg Schwenk, Sebastian Gajek, Christoph Wegener - accepted for Sicherheit - Schutz und Zuverlässigkeit, February 20, 2006, Magdeburg, Germany.
- Fair DRM - Ermöglichen von Privatkopien und Schutz digitaler Waren; Jörg Schwenk, Ulrich Greveler, Andre Adelsbach - accepted for 9. Deutscher IT-Sicherheitskongress des BSI, May 2005.
- Identitätsmissbrauch im Onlinebanking; Jörg Schwenk, Sebastian Gajek, Christoph Wegener - Datenschutz und Datensicherheit, Issue 11, 2005.
- Phishing - Die Täuschung des Benutzers zur Preisgabe geheimer Benutzerdaten; Jörg Schwenk, Sebastian Gajek, Andre Adelsbach - 9. Deutscher IT-Sicherheitskongress des BSI, 2005.
- Secure XMaiL or How to Get Rid of Legacy Code in Secure E-Mail Applications; Jörg Schwenk, Lijun Liao, Lars Ewers, Wolfgang Kubbilun - In CMS 2005: Proceedings of the 9th IFIP International Conference on Communications and Multimedia Security, Lecture Notes in Computer Science, volume 3677, pages 291-300, Springer, 2005.
- Trustworthy Visualisation and Verification of Multiple XML-Signatures; Jörg Schwenk, Sebastian Gajek, Wolfgang Kubbilun - In CMS 2005: Proceedings of the 9th IFIP International Conference on Communications and Multimedia Security, Lecture Notes in Computer Science, volume 3677, pages 311-320, Springer, 2005. (Info)
- Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures; Jörg Schwenk, Sebastian Gajek, Andre Adelsbach - First Information Security Practice and Experience Conference (ISPEC 2005), LNCS 3439. pp 204-217. Copyrights Springer-Verlag, Heidelberg Berlin.
- Key-Assignment Strategies for CPPM; Jörg Schwenk, Andre Adelsbach - ACM Multimedia and Security Workshop 2004, Magdeburg, Germany, pp. 107 - 115, © ACM, 2004.
- Pseudonym Generation Scheme for Ad-Hoc Group Communication Based on IDH; Jörg Schwenk, Mark Manulis - 1st European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS 2004), Lecture Notes in Computer Science, volume 3313, pages 107-124, Springer-Verlag, 2005.
- Customer Identification for MPEG Video based on Digital Fingerprinting; Jörg Schwenk, Enrico Hauer, Jana Dittman, Eva Saar, Claus Vielhauer - Proc. IEEE Pacific-Rim Conference on Multimedia (PCM-2001).
- Tree based Key Agreement for Multicast; Jörg Schwenk, T. Martin, R. Schaffelhofer - Proc. Communications and Multimedia Security 2001, May 2001, Darmstadt.
- Conditional Access for Business TV; Jörg Schwenk - Fernseh- und Kino-Technik 6/2000.
- Combining digital watermarks and collusion secure fingerprints for digital images; Jörg Schwenk, A. Behr, Jana Dittman, J. Ueberberg, P. Schmitt, M. Stabenau - Proc. Electronic Imaging'99, San Jose, USA.
- How to securely broadcast a secret; Jörg Schwenk - In: B. Preneel (Ed.): Proceedings Communications and Multimedia Security '99, Kluwer Academic Publishers, 1999.
- Public Key Encryption and Digital Signatures based on Permutation Polynomials; Jörg Schwenk, Klaus Huber - Electronics Letters, Vol 34 No. 8, 1998, 759-760.
- Establishing a Key Hierarchy for Conditional Access without Encryption; Jörg Schwenk - Proc. IFIP Communications and Multimedia Security 1996, Chapman & Hall, London.
- Public Key Encryption and Signature Schemes Based on Polynomials over Zn; Jörg Schwenk, J. Eisfeld - Proc. EUROCRYPT 96, Ed. Ueli Maurer, Springer LNCS 1070 (1996), 60-71.
- A Classification of Abelian Quasigroups; Jörg Schwenk - Rendiconti di Matematica, Serie VII, Volume 15, Roma (1995), 161-172
Technical Talks
- RuhrSec 2023, Bochum. Security of Push Messaging. Jörg Schwenk (YouTube)
- German OWASP Day 2019, Karlsruhe. How to break PDF security. Jens Müller, Christian Mainka and Vladislav Mladenov (YouTube)
- CCS 2019, London. 1 Trillion Dollar Refund – How To Spoof PDF Signatures. Christian Mainka
- IT Security Summit 2019, Berlin. UI-Redressing und Clickjacking. Marcus Niemietz
- Paderborner Tag der IT-Sicherheit 2019, Paderborn. Attacks on Printers. Juraj Somorovsky
- TeleTrusT-EBCA-PKI Workshop 2018, Berlin. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. Juraj Somorovsky
- USENIX Security 2018, Baltimore. Return Of Bleichenbacher’s Oracle Threat (ROBOT). Juraj Somorovsky (YouTube)
- Workshop on Attacks in Cryptography 2018, Santa Barbara. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. Juraj Somorovsky
- Workshop on Offensive Technologies 2018, Baltimore. Security Analysis of eIDAS – The Cross-Country Authentication Scheme in Europe. Juraj Somorovsky
- SantaCrypt 2017, Prague. Systematic Fuzzing and Testing of TLS Libraries. Juraj Somorovsky
- USENIX Security 2017, Vancouver. Same-Origin Policy: Evaluation in Modern Browsers. Marcus Niemietz (YouTube)
- RuhrSec 2016, Bochum. Transport Layer Security – TLS 1.3 and backwards security issues. Jörg Schwenk (YouTube)
- ai3 Symposium 2016, Bochum. Sourcecodereview am Beispiel OpenSSL. Juraj Somorovsky
- HNI Symposium On-The-Fly Computing 2016, Paderborn. DROWN: Breaking TLS Using SSLv2. Juraj Somorovsky
- German OWASP Day 2015, Frankfurt. Practical Invalid Curve Attacks on TLS-ECDH. Juraj Somorovsky
- DEEPSEC 2015, Vienna. How to Break XML Encryption - Automatically. Juraj Somorovsky (YouTube)
- Black Hat 2015, Amsterdam. How to Break XML Encryption - Automatically. Juraj Somorovsky (YouTube)
- CCS 2015, Denver, USA. On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption. Juraj Somorovsky (YouTube)
- ESORICS 2015, Vienna. Practical Invalid Curve Attacks on TLS-ECDH. Juraj Somorovsky
- Real World Crypto 2015, Stanford, USA. Practical Attacks on Real World Cryptographic Implementations. Juraj Somorovsky
- Web 2.0 Security & Privacy 2015, San Jose. Owning Your Home Network: Router Security Revisited. Marcus Niemietz (DL)
- Bewertungsaspekte Service- und Cloud-basierter Architekturen (BSOA/BCLOUD) 2014, Frankfurt. SOAP to REST: Security Enhancement. Juraj Somorovsky, Markus Mayer (Axway GmbH)
- Black Hat Asia 2014, Singapore. UI Redressing Attacks on Android Devices Revisited. Marcus Niemietz (YouTube)
- DEEPSEC 2014, Vienna. Revisiting SSL/TLS Implementations - New Bleichenbacher Side Channels and Attacks. Juraj Somorovsky (Video)
- NDSS 2013, San Diego. One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography. Juraj Somorovsky
- OWASP EU 2013, Hamburg. Keynote: Cryptography in Web Security: Stupid, Broken, and maybe Working?. Jörg Schwenk (YouTube)
- German OWASP Day 2012, Munich. On Breaking SAML: Be Whoever You Want to Be. Christian Mainka, Juraj Somorovsky
- IBM Appliance Veranstaltung 2012, Frankfurt. Aktuelle Forschungsergebnisse zur Netzwerksecurity mit SOAP- und XML- Web Services. Christian Mainka, Juraj Somorovsky
- Black Hat Abu Dhabi 2012, Abu Dhabi. UI Redressing Attacks on Android Devices. Marcus Niemietz
- ESORICS 2012, Pisa. Bleichenbacher’s Attack Strikes Again: Breaking PKCS#1 v1.5 in XML Encryption. Juraj Somorovsky
- USENIX 2012, Seattle. On Breaking SAML: Be Whoever You Want to Be. Juraj Somorovsky
- SERVICES Workshop 2012, Hawaii. Technical Analysis of Countermeasures against Attack on XML Encryption - or - Just Another Motivation for Authenticated Encryption. Juraj Somorovsky
- SERVICES Workshop 2012, Hawaii. Penetration Testing Tool for Web Services Security. Christian Mainka
- Confidence 2012, Krakow. All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces. Juraj Somorovsky
- a-i3/BSI Symposium 2012, Bochum. Standards für das Identitätsmanagement: Der Fall SAML. Juraj Somorovsky
- IT-Sicherheitskonferenz Stralsund 2012. How To Break XML Encryption. Juraj Somorovsky
- BlueHat 2011, Seattle. UI redressing and Clickjacking. Marcus Niemietz
- Microsoft Web Application Security Summit 2011, Seattle. UI Redressing: Attacks and Countermeasures Revisited. Marcus Niemietz
- German OWASP Day 2011, Munich. How To Break XML Signature and XML Encryption. Juraj Somorovsky
- VoteID 2011, Tallinn. The Bug that made me President: A Browser- and Web-Security Case Study on Helios Voting. Marcus Niemietz
- CCSW 2011, Chicago. All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces. Juraj Somorovsky
Books
- Identitätsdiebstahl und Identitätsmissbrauch im Internet, Rechtliche und technische Aspekte, Jörg Schwenk et al., Springer
- Daten- und Identitätsschutz in Cloud Computing, E-Government und E-Commerce, Jörg Schwenk et al., Springer
- Clickjacking und UI-Redressing – Vom Klick-Betrug zum Datenklau. Ein Leitfaden für Sicherheitsexperten und Webentwickler, Marcus Niemietz
- Sicherheit und Kryptographie im Internet: Von Sicherer E-Mail bis zu IP-Verschlüsselung, Jörg Schwenk, Springer
- Moderne Verfahren der Kryptographie: Von RSA zu Zero-Knowledge, Jörg Schwenk et al., Springer
Theses
- Improving the Detection and Identification of Template Engines for Large-Scale Template Injection Scanning; Maximilian Hildebrand. Master's thesis. 2023 (PDF)
- Analysis of the Financial-Grade API (FAPI); Johanna Schenkel. Bachelor's thesis. 2022 (PDF)
- Automated Scanning for Web Cache Poisoning Vulnerabilities; Maximilian Hildebrand. Bachelor's thesis. 2021 (PDF)
Press Articles
- Forscher täuschen PDF-Reader mit verstecktem Text. Spiegel. 2020 (Article)
- New 'Shadow Attack' can replace content in digitally signed PDF files. ZDNet. 2020 (Article)
- Shadow Attacks: Forscher hebeln PDF-Signaturprüfung erneut aus. Heise. 2020 (Article)
- Du kommst hier nicht rein. RUHRMOTOR. 2020 (Article)
- Glauben Sie nicht alles, was in einem PDF-Dokument steht. ZEIT ONLINE. 2019 (Article)
- New PDFex attack can exfiltrate data from encrypted PDF files. ZDNet. 2019 (Article)
- Critical PDF Warning: New Threats Leave Millions At Risk—Update All PDF Apps Now. Forbes. 2019 (Article)
- Angreifer können verschlüsselte PDF-Daten leaken. Golem. 2019 (Article)
- S/MIME und PGP: E-Mail-Signaturprüfung lässt sich austricksen. Heise. 2019 (Article)
- Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks. The Hacker News. 2019 (Article)
- Forscher finden Schwachstellen in E-Mail-Signaturprüfung. Bundesamt für Sicherheit in der Informationstechnik. 2019 (Article)
- Digital Signatures in PDFs Are Broken. Bruce Schneier. 2019 (Article)
- PDF Problems: Digital Signatures Successfully Faked in Most PDF Readers. Tom’s Hardware. 2019 (Article, PDF Insecurity Website)
- Some of the web’s biggest sites are still vulnerable to age-old crypto attacks. The Daily Swig. 2019 (Article)
- Viele PDF-Viewer beglaubigen Fake-Amazon-Erstattung über eine Billion US-Dollar. Heise. 2019 (Article)
- Siwecos bringt Schnell-Check für sichere Webseiten. Security-Insider. 2018 (Article)
- Gravierende Schwachstellen in E-Mail-Verschlüsselung. Süddeutsche Zeitung. 2018
- Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now [Updated]. Ars Technica. 2018 (Article)
- ROBOT-Attacke: TLS-Angriff von 1998 funktioniert immer noch. Heise. 2017 (Article, ROBOT Website)
- 'ROBOT Attack' Exposed Facebook With 19-Year-Old Bug -- Massive Websites Still Vulnerable. Forbes. 2017 (Article)
- Siwecos: Datenpannen bei Webseiten vermeiden. Datenschutz Praxis. 2017 (Article)
- Flaws in popular printers can let hackers easily steal printed documents. ZDNet. 2017 (Article)
- OpenSSL-Update: Die Rückkehr des Padding-Orakels. Golem. 2016 (Article)
- Die Handy-Flüsterer kommen. Heise. 2016 (Article)
- DROWN-Angriff: Sicherheitsstandard TLS ausgehebelt - Ein Drittel aller Webserver weltweit betroffen. RUB. 2016 (DROWN Website)
- Attack of the week: DROWN. Matthew Green. 2016 (Article)
- matrix - computer & neue medien: Smarte Haushaltsfallen. ORF. 2016 (Radio)
- Punkte auf der falschen elliptischen Kurve. Golem. 2015 (Article)
- XML-Verschlüsselung mit vielen Fallstricken. Golem. 2015 (Article)
- Das Smart-TV lauscht mit. ORF. 2015 (Radio)
- Internet der Dinge: Nicht ausgereift. WDR5. 2015 (Radio)
- Per Web und USB-Stick: Smart-TVs vielfältig angreifbar. Heise. 2015 (Article)
- Webanwendungen vor Angriffen schützen. RUBIN. 2015 (Article)
- a-i3/BSI-Kongress: Vorratsdatenspeicherung ist kein Allheilmittel. Heise. 2015 (Article)
- Die Hacker und die Wirtschaft. Deutschlandradio Kultur. 2014 (Article)
- CAST sucht herausragende Arbeiten zum Thema IT-Sicherheit. Heise. 2014 (Article)
- Verschlüsseln soll kinderleicht werden. Zeit. 2014 (Article)
- The Best of PenTest 2013. PenTest Magazine. 2013 (Article)
- Auftrag: Hacken. Schekker ::: das Jugendmagazin. 2012 (Article)
- Clickjacking und UI-Redressing. 1live. 2012 (Radio)
- Spam-Attacken: Klick-Betrüger nehmen Facebook ins Visier. Handelsblatt. 2012
- Internet: Vorkasse und keine Ware. WDR. 2011 (TV)
- Bonn bekommt Cyber-Abwehrzentrum. WDR. 2011 (TV)
- Forscher: XML-Verschlüsselungsstandard unsicher. Heise. 2011 (Article)