OWASP, OWASP Top Ten Project, https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project, 2010.

M. Abadi and C. Fournet, Mobile values, new names, and secure communication, POPL, pp.104-115, 2001.
URL : https://hal.archives-ouvertes.fr/hal-01423924

M. Abadi and C. Fournet, Private authentication, Theoretical Computer Science, vol.322, issue.3, pp.427-476, 2004.
DOI : 10.1016/j.tcs.2003.12.023
URL : http://doi.org/10.1016/j.tcs.2003.12.023

M. Abadi and A. D. Gordon, A calculus for cryptographic protocols, Proceedings of the 4th ACM conference on Computer and communications security, CCS '97, pp.1-70, 1999.
DOI : 10.1145/266420.266432

M. Abadi and B. T. Loo, Towards a declarative language and system for secure networking, Proceedings of the 3rd USENIX international workshop on Networking meets databases, p.2, USENIX Association, 2007.

D. Akhawe, A. Barth, P. E. Lam, J. Mitchell, and D. Song, Towards a Formal Foundation of Web Security, 2010 23rd IEEE Computer Security Foundations Symposium, pp.290-304, 2010.
DOI : 10.1109/CSF.2010.27

A. Armando, D. A. Basin, Y. Boichut, Y. Chevalier, L. Compagna et al., The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications, CAV, pp.281-285, 2005.
DOI : 10.1007/11513988_27
URL : https://hal.archives-ouvertes.fr/inria-00000408

A. Armando, R. Carbone, L. Compagna, J. Cuellar, and L. Abad, Formal analysis of SAML 2.0 web browser single sign-on, Proceedings of the 6th ACM workshop on Formal methods in security engineering, FMSE '08, 2008.
DOI : 10.1145/1456396.1456397

M. Avalle, A. Pironti, D. Pozza, and R. Sisto, JavaSPI, International Journal of Secure Software Engineering, vol.2, issue.4, pp.34-48, 2011.
DOI : 10.4018/jsse.2011100103

C. Bansal, K. Bhargavan, and S. Maffeis, WebSpi and web application models, 2011.

C. Bansal, K. Bhargavan, and S. Maffeis, Discovering Concrete Attacks on Website Authorization by Formal Analysis, 2012 IEEE 25th Computer Security Foundations Symposium, pp.247-262, 2012.
DOI : 10.1109/CSF.2012.27
URL : https://hal.archives-ouvertes.fr/hal-00815834

K. Bhargavan, C. Fournet, R. Corin, and E. , Verified Cryptographic Implementations for TLS, ACM Transactions on Information and System Security, vol.15, issue.1, pp.1-3, 2012.
DOI : 10.1145/2133375.2133378
URL : https://hal.archives-ouvertes.fr/hal-00863381

K. Bhargavan, C. Fournet, A. D. Gordon, and S. Tse, Verified interoperable implementations of security protocols, IEEE Computer Security Foundations Workshop (CSFW'06), pp.139-152, 2006.

K. Bhargavan, C. Fournet, A. D. Gordon, and N. Swamy, Verified implementations of the information card federated identity-management protocol, Proceedings of the 2008 ACM symposium on Information, computer and communications security, ASIACCS '08, pp.123-135, 2008.
DOI : 10.1145/1368310.1368330

B. Blanchet, An efficient cryptographic protocol verifier based on Prolog rules, Proceedings of the 14th IEEE Computer Security Foundations Workshop, pp.82-96, 2001.
DOI : 10.1109/CSFW.2001.930138

B. Blanchet, Automatic verification of correspondences for security protocols, Journal of Computer Security, vol.17, issue.4, pp.363-434, 2009.
DOI : 10.3233/JCS-2009-0339

B. Blanchet and B. Smyth, ProVerif: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial.

A. Bohannon and B. C. Pierce, Featherweight Firefox, Proceedings of the 2010 USENIX conference on Web, 2010.

R. Canetti, Universally composable security: a new paradigm for cryptographic protocols, Proceedings 2001 IEEE International Conference on Cluster Computing, pp.136-145, 2001.
DOI : 10.1109/SFCS.2001.959888

S. Cantor, J. Kemp, R. Philpott, and E. Maler, Assertions and protocols for the OASIS Security Assertion Markup Language (SAML) v2, 2005.

S. Chari, C. S. Jutla, and A. Roy, Universally composable security analysis of OAuth v2.0, IACR Cryptology ePrint Archive, p.526, 2011.

F. Corella and K. Lewison, Security Analysis of Double Redirection Protocols, 2011.

J. Detreville, Binder, a logic-based security language, Proceedings 2002 IEEE Symposium on Security and Privacy, pp.105-113, 2002.
DOI : 10.1109/SECPRI.2002.1004365

D. Dolev and A. C. Yao, On the security of public key protocols, IEEE Transactions on Information Theory, vol.29, issue.2, pp.198-208, 1983.
DOI : 10.1109/TIT.1983.1056650

E. Hammer-Lahav, The OAuth 1.0 Protocol, IETF RFC, vol.5849, 2010.

C. Fournet, A. Gordon, and S. Maffeis, A Type Discipline for Authorization in Distributed Systems, 20th IEEE Computer Security Foundations Symposium (CSF'07), pp.31-48, 2007.
DOI : 10.1109/CSF.2007.7

C. Fournet, A. D. Gordon, and S. Maffeis, A type discipline for authorization policies, ACM Trans. Program. Lang. Syst, vol.29, issue.5, 2007.

G. Lei, G. Bai, S. Meng, J. Venkatraman, P. Sun et al., AUTHSCAN: Automatic extraction of web authentication protocols from implementations, NDSS, 2013.

T. Groß, B. Pfitzmann, and A. Sadeghi, Browser Model for Security Analysis of Browser-Based Protocols, Lecture Notes in Computer Science, vol.3679, pp.489-508, 2005.
DOI : 10.1007/11555827_28

E. Hammer-Lahav, OAuth Security Advisory: 2009.1 - Session Fixation Attack, 2009.

S. Hansen, J. Skriver, and H. R. Nielson, Using static analysis to validate the SAML single sign-on protocol, Proceedings of the 2005 workshop on Issues in the theory of security, WITS '05, pp.27-40, 2005.
DOI : 10.1145/1045405.1045409

D. Hardt, The OAuth 2.0 Authorization Framework, IETF RFC, vol.6749, 2012.
DOI : 10.17487/rfc6749

D. Jackson, Alloy: A Logical Modelling Language, ZB, 2003.
DOI : 10.1007/3-540-44880-2_1

M. Miculan and C. Urban, Formal analysis of Facebook Connect Single Sign-On authentication protocol, SofSem 2011, Proceedings of Student Research Forum, pp.99-116.

R. Milner, Functions as processes, Automata, Languages and Programming, 1990.

S. Pai, Y. Sharma, S. Kumar, R. M. Pai, and S. Singh, Formal Verification of OAuth 2.0 Using Alloy Framework, 2011 International Conference on Communication Systems and Network Technologies, pp.655-659, 2011.
DOI : 10.1109/CSNT.2011.141

B. Pfitzmann and M. Waidner, Analysis of liberty single-sign-on with enabled clients, IEEE Internet Computing, vol.7, issue.6, pp.38-44, 2003.
DOI : 10.1109/MIC.2003.1250582

B. Pfitzmann and M. Waidner, Federated Identity-Management Protocols, Security Protocols Workshop, pp.153-174, 2005.
DOI : 10.1007/11542322_20
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

D. Recordon and D. Reed, OpenID 2.0, Proceedings of the second ACM workshop on Digital identity management, DIM '06, pp.11-15, 2006.
DOI : 10.1145/1179529.1179532

J. Somorovsky, A. Mayer, A. Worth, J. Schwenk, M. Kampmann et al., On breaking SAML: Be whoever you want to be, Workshop on Offensive Technologies (WOOT), 2012.

S. Sun and K. Beznosov, The devil is in the (implementation) details, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.378-390, 2012.
DOI : 10.1145/2382196.2382238

E. Torlak, M. Van-dijk, B. Gassend, D. Jackson, and S. Devadas, Knowledge flow analysis for security protocols, 2006.

R. Wang, S. Chen, and X. Wang, Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, 2012 IEEE Symposium on Security and Privacy, pp.365-379, 2012.
DOI : 10.1109/SP.2012.30

T. Y. Woo and S. S. Lam, A semantic model for authentication protocols, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy, pp.178-194, 1993.
DOI : 10.1109/RISP.1993.287633

S. Yoshihama, T. Tateishi, N. Tabuchi, and T. Matsumoto, Information-Flow-Based Access Control for Web Browsers, IEICE Transactions on Information and Systems, vol.92, issue.5, pp.92-836, 2009.
DOI : 10.1587/transinf.E92.D.836