- Hardening Firefox against Injection Attacks (PDF), with Christoph Kerschbaumer, Tom Ritter; SecWeb - Designing Security for the Web; Genova, Italy, September 2020
- Subresource Integrity, a W3C specification for conditionally loading third-party scripts based on their cryptographic digest.
- X-Frame-Options: All about Clickjacking? Whitepaper together with Mario Heiderich, Fall 2013
- Origin Policy Enforcement in Modern Browsers, Diploma thesis, Summer/Fall 2012. Errata (TXT), Test Cases/Appendix available on request.