  • Veronese L, Farinier B, Bernardo P, Tempesta M, Squarcina M and Maffei M. (2023). WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms. 2023 IEEE Symposium on Security and Privacy (SP). 10.1109/SP46215.2023.10179465. 978-1-6654-9336-9. (2761-2779).

    https://ieeexplore.ieee.org/document/10179465/

  • Jannett L, Mladenov V, Mainka C and Schwenk J. DISTINCT. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. (1553-1567).

    https://doi.org/10.1145/3548606.3560692

  • Kori D and Naik R. (2022). Information Security Awareness Among Postgraduate Students. Handbook of Research on Technological Advances of Library and Information Science in Industry 5.0. 10.4018/978-1-6684-4755-0.ch014. (270-286).

    https://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/978-1-6684-4755-0.ch014

  • LEE J and LEE K. (2022). Spy in Your Eye: Spycam Attack via Open-Sided Mobile VR Device. IEICE Transactions on Information and Systems. 10.1587/transinf.2022EDL8042. E105.D:10. (1817-1820). Online publication date: 1-Oct-2022.

    https://www.jstage.jst.go.jp/article/transinf/E105.D/10/E105.D_2022EDL8042/_article

  • Sprecher S, Kerschbaumer C and Kirda E. (2022). SoK: All or Nothing - A Postmortem of Solutions to the Third-Party Script Inclusion Permission Model and a Path Forward. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P). 10.1109/EuroSP53844.2022.00021. 978-1-6654-1614-6. (206-222).

    https://ieeexplore.ieee.org/document/9797342/

  • Sun S, Ma H, Song Z and Zhang R. WebCloud: Web-Based Cloud Storage for Secure Data Sharing Across Platforms. IEEE Transactions on Dependable and Secure Computing. 10.1109/TDSC.2020.3040784. 19:3. (1871-1884).

    https://ieeexplore.ieee.org/document/9272682/

  • van Oorschot P. (2021). Web and Browser Security. Computer Security and the Internet. 10.1007/978-3-030-83411-1_9. (245-279).

    https://link.springer.com/10.1007/978-3-030-83411-1_9

  • Steffens M and Stock B. PMForce: Systematically Analyzing postMessage Handlers at Scale. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. (493-505).

    https://doi.org/10.1145/3372297.3417267

  • Skeirik S, Meseguer J and Rocha C. Verification of the IBOS Browser Security Properties in Reachability Logic. Rewriting Logic and Its Applications. (176-196).

    https://doi.org/10.1007/978-3-030-63595-4_10

  • Eriksson B and Sabelfeld A. AutoNav: Evaluation and Automatization of Web Navigation Policies. Proceedings of The Web Conference 2020. (1320-1331).

    https://doi.org/10.1145/3366423.3380207

  • Hashmi S, Ikram M and Kaafar M. (2019). A Longitudinal Analysis of Online Ad-Blocking Blacklists. 2019 IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium). 10.1109/LCNSymposium47956.2019.9000671. 978-1-7281-2561-9. (158-165).

    https://ieeexplore.ieee.org/document/9000671/

  • Yang G, Huang J and Gu G. Iframes/popups are dangerous in mobile webview. Proceedings of the 28th USENIX Conference on Security Symposium. (977-994).

    /doi/10.5555/3361338.3361406

  • Saini A, Gaur M, Laxmi V and Conti M. (2019). You click, I steal. International Journal of Information Security. 18:4. (481-504). Online publication date: 1-Aug-2019.

    https://doi.org/10.1007/s10207-018-0423-3

  • Yang G, Huang J, Gu G and Mendoza A. (2018). Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications. 2018 IEEE Symposium on Security and Privacy (SP). 10.1109/SP.2018.00043. 978-1-5386-4353-2. (742-755).

    https://ieeexplore.ieee.org/document/8418635/

  • Scull Pupo A, Christophe L, Nicolay J, de Roover C and Gonzalez Boix E. (2018). Practical Information Flow Control for Web Applications. Runtime Verification. 10.1007/978-3-030-03769-7_21. (372-388).

    http://link.springer.com/10.1007/978-3-030-03769-7_21

  • Schwenk J, Niemietz M and Mainka C. Same-origin policy. Proceedings of the 26th USENIX Conference on Security Symposium. (713-727).

    /doi/10.5555/3241189.3241245

  • Felsch D, Mainka C, Mladenov V and Schwenk J. SECRET. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. (835-848).

    https://doi.org/10.1145/3052973.3052982

  • Osman A, Dafa-Allah A and Elhag A. (2017). Proposed security model for web based applications and services. 2017 International Conference on Communication, Control, Computing and Electronics Engineering (ICCCCEE). 10.1109/ICCCCEE.2017.7866696. 978-1-5090-1809-3. (1-6).

    http://ieeexplore.ieee.org/document/7866696/

  • Canfora G and Visaggio C. (2016). A set of features to detect web security threats. Journal of Computer Virology and Hacking Techniques. 10.1007/s11416-016-0266-2. 12:4. (243-261). Online publication date: 1-Nov-2016.

    http://link.springer.com/10.1007/s11416-016-0266-2

  • Li W and Mitchell C. Analysing the Security of Google's Implementation of OpenID Connect. Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 9721. (357-376).

    https://doi.org/10.1007/978-3-319-40667-1_18

  • Besson F, Bielova N and Jensen T. (2016). Hybrid Monitoring of Attacker Knowledge. 2016 IEEE 29th Computer Security Foundations Symposium (CSF). 10.1109/CSF.2016.23. 978-1-5090-2607-4. (225-238).

    http://ieeexplore.ieee.org/document/7536378/

  • Van Acker S and Sabelfeld A. JavaScript Sandboxing. Tutorial Lectures on Foundations of Security Analysis and Design VIII - Volume 9808. (32-86).

    https://doi.org/10.1007/978-3-319-43005-8_2

  • Van Acker S, Hausknecht D and Sabelfeld A. Data Exfiltration in the Face of CSP. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. (853-864).

    https://doi.org/10.1145/2897845.2897899

  • Luo Z, Fragoso Santos J, Almeida Matos A and Rezk T. Mashic compiler: Mashup sandboxing based on inter-frame communication. Journal of Computer Security. 10.3233/JCS-160542. 24:1. (91-136).

    https://www.medra.org/servlet/aliasResolver?alias=iospress&doi=10.3233/JCS-160542

  • Sunder N and Gireeshkumar T. (2016). Privilege-Based Scoring System Against Cross-Site Scripting Using Machine Learning. Artificial Intelligence and Evolutionary Computations in Engineering Systems. 10.1007/978-81-322-2656-7_54. (591-598).

    http://link.springer.com/10.1007/978-81-322-2656-7_54

  • Weissbacher M, Robertson W, Kirda E, Kruegel C and Vigna G. ZigZag. Proceedings of the 24th USENIX Conference on Security Symposium. (737-752).

    /doi/10.5555/2831143.2831190

  • Georgiev M, Jana S and Shmatikov V. Rethinking Security of Web-Based System Applications. Proceedings of the 24th International Conference on World Wide Web. (366-376).

    https://doi.org/10.1145/2736277.2741663

  • Ribic S, Salihbegovic A and Huseinovic A. (2015). Disabling same origin policy for automatization of webform data entry. 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). 10.1109/MIPRO.2015.7160472. 978-9-5323-3082-3. (1279-1283).

    http://ieeexplore.ieee.org/document/7160472/

  • Saini A, Gaur M and Laxmi V. A Taxonomy of Browser Attacks. Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance. 10.4018/978-1-4666-6324-4.ch019. (291-313).

    http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/978-1-4666-6324-4.ch019

  • Chen E, Pei Y, Chen S, Tian Y, Kotcher R and Tague P. OAuth Demystified for Mobile Application Developers. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. (892-903).

    https://doi.org/10.1145/2660267.2660323

  • Stefan D, Yang E, Marchenko P, Russo A, Herman D, Karp B and Mazières D. Protecting users by confining JavaScript with COWL. Proceedings of the 11th USENIX conference on Operating Systems Design and Implementation. (131-146).

    /doi/10.5555/2685048.2685060

  • Silic M and Back A. (2014). Information security. Information Management & Computer Security. 10.1108/IMCS-05-2013-0041. 22:3. (279-308). Online publication date: 8-Jul-2014.

    http://www.emeraldinsight.com/doi/10.1108/IMCS-05-2013-0041

  • Telikicherla K and Choppella V. Enabling the development of safer mashups for open data. Proceedings of the 1st International Workshop on Inclusive Web Programming - Programming on the Web with Open Data for Societal Applications. (8-15).

    https://doi.org/10.1145/2593761.2593764

  • Gollmann D. Access Control in and Around the Browser. Proceedings of the 10th International Conference on Information Security Practice and Experience - Volume 8434. (1-7).

    https://doi.org/10.1007/978-3-319-06320-1_1

  • Ryck P, Desmet L, Piessens F and Johns M. (2014). How Attackers Threaten the Web. Primer on Client-Side Web Security. 10.1007/978-3-319-12226-7_4. (33-42).

    https://link.springer.com/10.1007/978-3-319-12226-7_4

  • Ryck P, Desmet L, Piessens F and Johns M. (2014). Traditional Building Blocks of the Web. Primer on Client-Side Web Security. 10.1007/978-3-319-12226-7_2. (11-24).

    https://link.springer.com/10.1007/978-3-319-12226-7_2

  • Cao Y, Shoshitaishvili Y, Borgolte K, Kruegel C, Vigna G and Chen Y. (2014). Protecting Web-Based Single Sign-on Protocols against Relying Party Impersonation Attacks through a Dedicated Bi-directional Authenticated Secure Channel. Research in Attacks, Intrusions and Defenses. 10.1007/978-3-319-11379-1_14. (276-298).

    http://link.springer.com/10.1007/978-3-319-11379-1_14

  • Richards G, Hammer C, Zappa Nardelli F, Jagannathan S and Vitek J. (2013). Flexible access control for javascript. ACM SIGPLAN Notices. 48:10. (305-322). Online publication date: 12-Nov-2013.

    https://doi.org/10.1145/2544173.2509542

  • Richards G, Hammer C, Zappa Nardelli F, Jagannathan S and Vitek J. Flexible access control for javascript. Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications. (305-322).

    https://doi.org/10.1145/2509136.2509542

  • Khadraoui D and Feltus C. Critical Infrastructures Governance Exploring SCADA Cybernetics through Architectured Policy Semantic. Proceedings of the 2013 IEEE International Conference on Systems, Man, and Cybernetics. (4766-4771).

    https://doi.org/10.1109/SMC.2013.811

  • Hsiao S, Sun Y and Chen M. (2013). A secure proxy-based cross-domain communication for web mashups. Journal of Web Engineering. 12:3-4. (291-316). Online publication date: 1-Jul-2013.

    /doi/10.5555/2535629.2535636

  • Besson F, Bielova N and Jensen T. Hybrid Information Flow Monitoring against Web Tracking. Proceedings of the 2013 IEEE 26th Computer Security Foundations Symposium. (240-254).

    https://doi.org/10.1109/CSF.2013.23

  • Ofuonye E and Miller J. (2013). Securing web-clients with instrumented code and dynamic runtime monitoring. Journal of Systems and Software. 86:6. (1689-1711). Online publication date: 1-Jun-2013.

    https://doi.org/10.1016/j.jss.2013.02.047

  • Yang E, Stefan D, Mitchell J, Mazières D, Marchenko P and Karp B. Toward principled browser security. Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems. (17-17).

    /doi/10.5555/2490483.2490500

  • Kreitz G. (2013). Flow stealing. Journal of Computer Security. 21:3. (371-391). Online publication date: 1-May-2013.

    /doi/10.5555/2590618.2590621

  • Le V, Welch I, Gao X and Komisarczuk P. Anatomy of drive-by download attack. Proceedings of the Eleventh Australasian Information Security Conference - Volume 138. (49-58).

    /doi/10.5555/2525483.2525489

  • Kwon T and Su Z. Detecting and analyzing insecure component usage. Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering. (1-11).

    https://doi.org/10.1145/2393596.2393599

  • Sun S and Beznosov K. The devil is in the (implementation) details. Proceedings of the 2012 ACM conference on Computer and communications security. (378-390).

    https://doi.org/10.1145/2382196.2382238

  • Le V, Welch I, Gao X and Komisarczuk P. A Novel Scoring Model to Detect Potential Malicious Web Pages. Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications. (254-263).

    https://doi.org/10.1109/TrustCom.2012.44

  • Luo Z and Rezk T. Mashic Compiler. Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium. (157-170).

    https://doi.org/10.1109/CSF.2012.22

  • De Ryck P, Nikiforakis N, Desmet L, Piessens F and Joosen W. Serene. Proceedings of the 12th IFIP WG 6.1 international conference on Distributed Applications and Interoperable Systems. (59-72).

    https://doi.org/10.1007/978-3-642-30823-9_5

  • Singh K, Wang H, Moshchuk A, Jackson C and Lee W. Practical end-to-end web content integrity. Proceedings of the 21st international conference on World Wide Web. (659-668).

    https://doi.org/10.1145/2187836.2187926

  • Li J, Yu D and Maurer L. (2012). A resource management approach to web browser security. 2012 International Conference on Computing, Networking and Communications (ICNC). 10.1109/ICCNC.2012.6167512. 978-1-4673-0009-4. (697-701).

    http://ieeexplore.ieee.org/document/6167512/

  • Amrutkar C, Singh K, Verma A and Traynor P. (2012). VulnerableMe: Measuring Systemic Weaknesses in Mobile Browser Security. Information Systems Security. 10.1007/978-3-642-35130-3_2. (16-34).

    http://link.springer.com/10.1007/978-3-642-35130-3_2

  • Van Acker S, De Ryck P, Desmet L, Piessens F and Joosen W. WebJail. Proceedings of the 27th Annual Computer Security Applications Conference. (307-316).

    https://doi.org/10.1145/2076732.2076775

  • Hsiao S, Sun Y, Ao F and Chen M. A Secure Proxy-Based Cross-Domain Communication for Web Mashups. Proceedings of the 2011 IEEE Ninth European Conference on Web Services. (57-64).

    https://doi.org/10.1109/ECOWS.2011.10

  • Kreitz G. Timing is everything. Proceedings of the 16th European conference on Research in computer security. (117-132).

    /doi/10.5555/2041225.2041235

  • Sood A and Enbody R. (2011). The state of HTTP declarative security in online banking websites. Computer Fraud & Security. 10.1016/S1361-3723(11)70073-2. 2011:7. (11-16). Online publication date: 1-Jul-2011.

    https://linkinghub.elsevier.com/retrieve/pii/S1361372311700732

  • Le V, Welch I, Gao X and Komisarczuk P. Two-Stage Classification Model to Detect Malicious Web Pages. Proceedings of the 2011 IEEE International Conference on Advanced Information Networking and Applications. (113-120).

    https://doi.org/10.1109/AINA.2011.71

  • Le V, Welch I, Gao X and Komisarczuk P. Identification of potential malicious web pages. Proceedings of the Ninth Australasian Information Security Conference - Volume 116. (33-40).

    /doi/10.5555/2460416.2460422

  • Kreitz G. (2011). Timing Is Everything: The Importance of History Detection. Computer Security – ESORICS 2011. 10.1007/978-3-642-23822-2_7. (117-132).

    http://link.springer.com/10.1007/978-3-642-23822-2_7

  • Magazinius J, Phung P and Sands D. Safe wrappers and sane policies for self protecting javascript. Proceedings of the 15th Nordic conference on Information Security Technology for Applications. (239-255).

    https://doi.org/10.1007/978-3-642-27937-9_17

  • Pahlke I, Beck R and Wolf M. (2010). Enterprise Mashup Systems as Platform for Situational Applications. Business & Information Systems Engineering. 10.1007/s12599-010-0121-9. 2:5. (305-315). Online publication date: 1-Oct-2010.

    http://link.springer.com/10.1007/s12599-010-0121-9

  • Pahlke I, Beck R and Wolf M. (2010). Enterprise-Mashup-Systeme als Plattform für situative Anwendungen / Enterprise Mashup Systems as Platform for Situational Applications. WIRTSCHAFTSINFORMATIK. 10.1007/s11576-010-0240-4. 52:5. (299-310). Online publication date: 1-Oct-2010.

    http://link.springer.com/10.1007/s11576-010-0240-4

  • Akhawe D, Barth A, Lam P, Mitchell J and Song D. Towards a Formal Foundation of Web Security. Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium. (290-304).

    https://doi.org/10.1109/CSF.2010.27

  • Jang J, Liu D, Nepal S and Zic J. (2010). User Authentication for Online Applications Using a USB-Based Trust Device. Security and Privacy in Mobile Information and Communication Systems. 10.1007/978-3-642-17502-2_2. (15-26).

    http://link.springer.com/10.1007/978-3-642-17502-2_2