J. Williams and D. Wichers, OWASP Top 10 2010 rc1

W. G. Halfond, S. Anand, and A. Orso, Precise interface identification to improve testing and analysis of web applications, Proceedings of the eighteenth international symposium on Software testing and analysis, ISSTA '09, 2009.
DOI : 10.1145/1572272.1572305

W. Wang, Y. Lei, S. Sampath, R. Kacker, R. Kuhn et al., A combinatorial approach to building navigation graphs for dynamic web applications, 2009 IEEE International Conference on Software Maintenance, 2009.
DOI : 10.1109/ICSM.2009.5306321

N. Jovanovic, E. Kirda, and C. Kruegel, Preventing Cross Site Request Forgery Attacks, 2006 Securecomm and Workshops, 2006.
DOI : 10.1109/SECCOMW.2006.359531

A. Barth, C. Jackson, and J. C. Mitchell, Robust defenses for cross-site request forgery, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, 2008.
DOI : 10.1145/1455770.1455782

J. Ruderman, The Same origin policy. https://developer.mozilla.org/En/Same_origin_policy_for_JavaScript

phpBB Group: phpbb

D. Wagner and D. Dean, Intrusion detection via static analysis, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001, 2001.
DOI : 10.1109/SECPRI.2001.924296
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.26.5910

H. Xu, W. Du, and S. J. Chapin, Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths, In: RAID, 2004.
DOI : 10.1007/978-3-540-30143-1_2

A. Guha, S. Krishnamurthi, and T. Jim, Using static analysis for Ajax intrusion detection, Proceedings of the 18th international conference on World wide web, WWW '09, 2009.
DOI : 10.1145/1526709.1526785

M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti, Control-flow integrity, Proceedings of the 12th ACM conference on Computer and communications security, CCS '05, 2005.
DOI : 10.1145/1102120.1102165

M. Cova, D. Balzarotti, V. Felmetsger, and G. Vigna, Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications, In: RAID, 2007.
DOI : 10.1007/978-3-540-74320-0_4

K. L. Ingham, A. Somayaji, J. Burge, and S. Forrest, Learning DFA representations of HTTP for protecting web applications, Computer Networks, vol.51, issue.5, 2007.
DOI : 10.1016/j.comnet.2006.09.016

C. Kruegel and G. Vigna, Anomaly detection of web-based attacks, Proceedings of the 10th ACM conference on Computer and communication security, CCS '03, 2003.
DOI : 10.1145/948109.948144

F. Valeur, G. Vigna, C. Kruegel, and E. Kirda, An anomaly-driven reverse proxy for web applications, Proceedings of the 2006 ACM symposium on Applied computing, SAC '06, 2006.
DOI : 10.1145/1141277.1141361

M. Johns and J. Winter, RequestRodeo: Client-side Protection Against Session Riding, In: OWASP Europe, 2006.

Z. Mao, N. Li, and I. Molloy, Defeating Cross-Site Request Forgery Attacks with Browser-Enforced Authenticity Protection, In: Financial Cryptography and Data Security, 2009.
DOI : 10.1007/978-3-642-03549-4_15

F. Kerschbaum, Simple cross-site attack prevention, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops, SecureComm 2007, 2007.
DOI : 10.1109/SECCOM.2007.4550368

K. Vikram, A. Prateek, and B. Livshits, Ripley, Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, 2009.
DOI : 10.1145/1653662.1653685

S. Chong, K. Vikram, and A. C. Myers, SIF: Enforcing confidentiality and integrity in web applications, 2007.

W. Robertson and G. Vigna, Static Enforcement of Web Application Integrity Through Strong Typing, 2009.