Technische Universität Braunschweig
  • Study & Teaching
    • Beginning your Studies
      • Prospective Students
      • Degree Programmes
      • Application
      • Fit4TU
      • Why Braunschweig?
    • During your Studies
      • Fresher's Hub
      • Term Dates
      • Courses
      • Practical Information
      • Beratungsnavi
      • Additional Qualifications
      • Financing and Costs
      • Special Circumstances
      • Health and Well-being
      • Campus life
    • At the End of your Studies
      • Discontinuation and Credentials Certification
      • After graduation
      • Alumni*ae
    • For Teaching Staff
      • Strategy, Offers and Information
      • Learning Management System Stud.IP
    • Contact
      • Study Service Centre
      • Academic Advice Service
      • Student Office
      • Career Service
  • Research
    • Research Profile
      • Core Research Areas
      • Clusters of Excellence at TU Braunschweig
      • Research Projects
      • Research Centres
      • Professors‘ Research Profiles
    • Early Stage Researchers
      • Support in the early stages of an academic career
      • PhD-Students
      • Postdocs
      • Junior research group leaders
      • Junior Professorship and Tenure-Track
      • Habilitation
      • Service Offers for Scientists
    • Research Data & Transparency
      • Transparency in Research
      • Research Data
      • Open Access Strategy
      • Digital Research Announcement
    • Research Funding
      • Research Funding Network
      • Research funding
    • Contact
      • Research Services
      • Academy for Graduates
  • International
    • International Students
      • Why Braunschweig?
      • Degree seeking students
      • Exchange Studies
      • TU Braunschweig Summer School
      • Refugees
      • International Student Support
    • Going Abroad
      • Studying abroad
      • Internships abroad
      • Teaching and research abroad
      • Working abroad
    • International Researchers
      • Welcome Support
      • PhD Studies
      • Service for host institutes
    • Language and intercultural competence training
      • Learning German
      • Learning Foreign Languages
      • Intercultural Communication
    • International Profile
      • Internationalisation
      • International Cooperations
      • Strategic Partnerships
      • International networks
    • International House
      • About us
      • Contact & Office Hours
      • News and Events
      • International Days
      • 5th Student Conference: Internationalisation of Higher Education
      • Newsletter, Podcast & Videos
      • Job Advertisements
  • TU Braunschweig
    • Our Profile
      • Aims & Values
      • Regulations and Guidelines
      • Alliances & Partners
      • The University Development Initiative 2030
      • Foundation University
      • Facts & Figures
      • Our History
    • Career
      • Working at TU Braunschweig
      • Vacancies
    • Economy & Business
      • Entrepreneurship
      • Friends & Supporters
    • General Public
      • Check-in for Students
      • The Student House
      • Access to the University Library
    • Media Services
      • Communications and Press Service
      • Services for media
      • Film and photo permits
      • Advices for scientists
      • Topics and stories
    • Contact
      • General Contact
      • Getting here
  • Organisation
    • Presidency & Administration
      • Executive Board
      • Designated Offices
      • Administration
      • Committees
    • Faculties
      • Carl-Friedrich-Gauß-Fakultät
      • Faculty of Life Sciences
      • Faculty of Architecture, Civil Engineering and Environmental Sciences
      • Faculty of Mechanical Engineering
      • Faculty of Electrical Engineering, Information Technology, Physics
      • Faculty of Humanities and Education
    • Institutes
      • Institutes from A to Z
    • Facilities
      • University Library
      • Gauß-IT-Zentrum
      • Professional and Personnel Development
      • International House
      • The Project House of the TU Braunschweig
      • Transfer Service
      • University Sports Center
      • Facilities from A to Z
    • Equal Opportunity Office
      • Equal Opportunity Office
      • Family
      • Diversity for Students
  • Search
  • Quicklinks
    • People Search
    • Webmail
    • cloud.TU Braunschweig
    • Messenger
    • Cafeteria
    • Courses
    • Stud.IP
    • Library Catalogue
    • IT Services
    • Information Portal (employees)
    • Link Collection
    • DE
    • EN
    • Facebook
    • Instagram
    • YouTube
    • LinkedIn
    • Mastodon
Menu
  • Organisation
  • Faculties
  • Carl-Friedrich-Gauß-Fakultät
  • Institutes
  • Institute for Application Security
  • Team
Logo Institut für Anwendungssicherheit der TU Braunschweig
David Klein
  • Team
    • Prof. Dr. Martin Johns
    • Alexandra Dirksen
    • Jan Niklas Drescher
    • Jannik Hartung
    • Tobias Jost
    • Manuel Karl
    • Robin Kirchner
    • David Klein
    • Simon Koch
    • Malte Wessels

David Klein

David Klein

David Klein is a PhD Candidate since October 2018. His research interests include static and dynamic analysis, program transformations, web security and privacy.

@davklein:matrix.tu-bs.de

david.klein[at]tu-braunschweig.de

Publications

Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting
Robin Kirchner, Jonas Möller, Marius Musch, David Klein, Konrad Rieck, and Martin Johns
33rd USENIX Security Symposium, 2024 [BIB] [Distinguished Paper Award Winner]

FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds
Soumaya Boussaha, Lukas Hock, Miguel Bermejo, Ruben Cuevas Rumin, Angel Cuevas Rumin, David Klein, Martin Johns, Luca Compagna, Daniele Antonioli, and Thomas Barber
Privacy Enhancing Technologies Symposium (PETS), 2024 [BIB]

A Black-Box Privacy Analysis of Messaging Service Providers’ Chat Message Processing
Robin Kirchner, Simon Koch, Noah Kamangar, David Klein, and Martin Johns
Privacy Enhancing Technologies Symposium (PETS), 2024 [BIB]

Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
David Klein and Martin Johns
45th IEEE Symposium on Security and Privacy (S&P), 2024 [BIB]

The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code
Simon Koch, David Klein, and Martin Johns
Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), 2024 [BIB]

Poster: The Risk of Insufficient Isolation of Database Transactions in Web Applications
Simon Koch, Malte Wessels, David Klein, and Martin Johns
ACM Conference on Computer and Communications Security (CCS), 2023  [BIB]

General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications
David Klein, Benny Rolle, Thomas Barber, Manuel Karl, and Martin Johns
ACM Conference on Computer and Communications Security (CCS), 2023  [BIB]

Accept All Exploits: Exploring the Security Impact of Cookie Banners
David Klein*, Marius Musch*, Thomas Barber, Moritz Kopmann, and Martin Johns
Annual Computer Security Applications Conference (ACSAC), 2022  [BIB]

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions
David Klein, Thomas Barber, Souphiane Bensalim, Ben Stock, and Martin Johns
IEEE European Symposium on Security and Privacy (Euro S&P), 2022  [BIB]

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries
Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns.
Privacy Enhancing Technologies (PETS), 2021  [BIB]

Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis
Souphiane Bensalim, David Klein, Thomas Barber, and Martin Johns
European Workshop on Systems Security (EuroSec), 2021 [BIB]

Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning
Erwin Quiring, David Klein, Daniel Arp, Martin Johns and Konrad Rieck
USENIX Security Symposium, 2020 [BIB]

Deploying Contextual Computing in a Campus Setting
Fabio Aversente, David Klein, Schekeb Sultani, Dmitri Vronski, and Jörg Schäfer
International Network Conference (INC), 2016

Implementing Situation Awareness for Car-to-X Applications using Domain Specific Languages
Jörg Schäfer, and David Klein
IEEE Vehicular Technology Conference (VTC), 2013

Talks

Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
RuhrSec '24, 20.-21.02.2024, Bochum, Germany

Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
Blackhat EU '24, 09.-12.12.2024, London, UK

Exploring Synergies Between Privacy and Security Enhancing Technologies [Slides]
German OWASP Day '23, 30.-31.5.2023, Frankfurt am Main, Germany

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions [Slides]
RuhrSec '23, 11.-12.5.2023, Bochum, Germany

3rd-Party JavaScript, das unbekannte Wesen
Mit Martin Johns, IT-Defense '23,  8.-10.02.2023, Mainz, Germany.

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions [Slides]
OWASP Global AppSec, 17.11.2022, San Francisco, USA

PC Membership

Year Conferences
2025 DIMVA
2024 MADWeb 2024, SecWeb 2024, WORMA 2024
2023 WORMA 2023

Sub-Reviews

Year Conferences
2024 CODASPY, CCS, ACSAC
2023 S&P, CCS
2022 S&P, EuroS&P (external), WWW, ACSAC, CODASPY, SAC, ARES
2021 WWW, CODASPY, SAC, ARES, ACSAC,
2020 WWW, EuroS&P, CODASPY, SAC, ICWE, ACSAC
2019 ACSAC, CODASPY, SAC, ICWE
2018 CODASPY, SAC, ACSAC
Vulnerabilities

I enjoy breaking stuff and helping people fix vulnerabilities.

  • CVE-2022-36020: Typo3 HTML Sanitizer is vulnerable to XSS payloads enclosed in particular HTML comment combinations.

  • CVE-2022-23499: Typo3 HTML Sanitizer can be bypassed by embedding the payload in CDATA or by mutating out of RAWTEXT elements.

  • CVE-2023-23627: Ruby sanitize is affected by an mXSS vulnerability due to incorrectly parsing the noscript tag.

  • CVE-2023-38500: Typo3 HTML Sanitizer is affected by an mXSS vulnerability due to incorrectly parsing the noscript tag.

  • CVE-2023-43643: AntiSamy is affected by an mXSS vulnerability due to incorrectly parsing the noscript tag.

  • CVE-2023-51652: OWASP.AntiSamy is affected by an mXSS vulnerability due to incorrectly parsing the noscript tag.

  • CVE-2024-23635: AntiSamy is vulnerable to XSS payloads enclosed in malformed HTML comments.

Teaching Assistant
Year Semester Name
2023 SoSe Programmieren I
2023 WS Websicherheit (Seminar), Hacklab
2022 SoSe Websicherheit (Seminar)
2022 WS Websicherheit (Seminar), Hacklab
2021 SoSe Websicherheit (Seminar)
2020 WS Websicherheit (Seminar)
2020 SoSe Programmieren II, Anwendungssicherheit (Seminar)
2019 WS Programmieren I, Anwendungssicherheit (Seminar)
2019 SoSe Programmieren I
2018 WS Programmieren I
Photo credits on this page

For All Visitors

Vacancies of TU Braunschweig
Career Service' Job Exchange 
Merchandising

For Students

Term Dates
Courses
Degree Programmes
Information for Freshman
TUCard

Internal Tools

Glossary (GER-EN)
Change your Personal Data

Contact

Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig

P. O. Box: 38092 Braunschweig
GERMANY

Phone: +49 (0) 531 391-0

Getting here

© Technische Universität Braunschweig
Imprint Privacy Accessibility

TU Braunschweig uses the software Matomo for anonymised web analysis. The data serve to optimise the web offer.
You can find more information in our data protection declaration.