Cookieless monster: Exploring the ecosystem of web-based
device fingerprinting, Nick Nikiforakis, IEEE Symposium on
Security and Privacy 2013, 19-22 May 2013, IEEE Computer
Society Washington, http://dx.doi.org/10.1109/SP.2013.43
You are what you include: large-scale evaluation of remote
javascript inclusions, Nick Nikiforakis and Steven Van Acker, ACM
CCS 2012, 16-18 October 2012, ACM, New York 2012,
http://dx.doi.org/10.1145/2382196.2382274
FlowFox: a web browser with flexible and precise information
flow control, Willem De Groef, ACM CCS
2012, 16-18 October 2012, ACM New York 2012,
http://dx.doi.org/10.1145/2382196.2382275
JSand: Complete client-side sandboxing of third-party
JavaScript without browser modifications, Pieter Agten and
Steven Van Acker, ACSAC 2012, 3-7 December 2012, ACM, New York 2012,
http://dx.doi.org/10.1145/2420950.2420952
Bitsquatting: Exploiting bit-flips for fun, or
profit, Nick Nikiforakis and Steven Van Acker, WWW 2013, 13-17 May 2013, IW3C2
Geneva 2013
Web Application Security (Dagstuhl Seminar 12401),
Lieven Desmet and Martin Johns, Dagstuhl reports, 1-5 October 2012,
Dagstuhl Wadern 2013, http://dx.doi.org/10.4230/DagRep.2.10.1
TabShots: Client-side detection of tabnabbing
attacks, Philippe De Ryck and Nick Nikiforakis, AsiaCCS 2013, 8-13 May 2013, ACM,
New York 2013, http://dx.doi.org/10.1145/2484313.2484371
Improving the security of session management in web
applications, Philippe De Ryck, OWASP, AppSec EU 2013, 22-23
August 2013 OWASP Hamburg
Towards a Secure Web: Critical Vulnerabilities and
Client-Side Countermeasures, Nick Nikiforakis, PhD Thesis, 30
August 2013, KU Leuven, Leuven 2013
BetterAuth: Web Authentication Revisited, Martin
Johns, Sebastian Lekies, Bastian Braun, and Benjamin Flesch, Proceedings
of the 28th Annual Computer Security Applications Conference (ACSAC
'12), Annually ACM New York, NY, USA 2012
PreparedJS: Secure Script-Templates for JavaScript,
Martin Johns, Lecture Notes in Computer Science: Proceedings of the
10th Conference on Detection of Intrusions and Malware &
Vulnerability Assessment (DIMVA '13), LNCS, Volume 7967, Springer
Berlin Heidelberg, Germany 2013
Eradicating DNS Rebinding with the Extended Same-Origin
Policy, Martin Johns, Sebastian Lekies, Ben Stock, Proceeding,
SEC'13 Proceedings of the 22nd USENIX conference on Security Annually
USENIX Association Berkeley, CA, USA 2013
Tamper-resistant LikeJacking Protection, Martin Johns,
Sebastian Lekies, 16th International Symposium, RAID 2013, Rodney Bay,
St. Lucia, October 23-25, 2013. Proceedings LNCS, Volume 8145 Springer
Berlin Heidelberg, Germany 2013
User Interface Security Directives for Content Security
Policy, Web Application Security WG (Giorgio Maone, David
Lin-Shung Huang, Tobias Gondrom, Brad Hill, eds.), W3C Working Draft,
W3C, http://www.w3.org/TR/2013/WD-UISecurity-20130523/
Cross-Origin Resource Sharing, Web Applications WG,
Web Application Security WG (Anne van Kesteren, ed.), W3C Candidate
Recommendation, W3C, http://www.w3.org/TR/2013/CR-cors-20130129/
Content Security Policy 1.0, Web Application
Security WG (Brandon Sterne, Adam Barth, eds.), W3C Candidate
Recommendation, W3C, http://www.w3.org/TR/2012/CR-CSP-20121115/
WebRTC 1.0: Real-time Communication Between Browsers,
Web Real-Time Communications WG (Adam Bergkvist, Daniel C. Burnett,
Cullen Jennings, Anant Narayanan, eds.), W3C Working Draft, W3C, http://www.w3.org/TR/2013/WD-webrtc-20130910/