A. Felt and D. Wagner, Phishing on Mobile Devices, p.2, 2011.

T. Luo, X. Jin, A. Ananthanarayanan, and W. Du, Touchjacking Attacks on Web in Android, iOS, and Windows Phone, Foundations and Practice of Security, 2012.
DOI: 10.1007/978-3-642-37119-6_15

G. Rydstedt, B. Gourdin, E. Bursztein, and D. Boneh, Framing Attacks on Smart Phones and Dumb Routers: Tap-jacking and Geo-localization Attacks, In: WOOT, 2010.

P. D. Ryck, L. Desmet, T. Heyman, F. Piessens, and W. Joosen, CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests, In: ESSoS, 2010.

E. Bursztein, C. Soman, D. Boneh, and J. C. Mitchell, SessionJuggler, Proceedings of the 21st international conference on World Wide Web, WWW '12, 2012.
DOI: 10.1145/2187836.2187880

A. Felt, S. Egelman, M. Finifter, D. Akhawe, and D. Wagner, How to Ask for Permission, In: HotSec, 2012.

N. Chou, R. Ledesma, Y. Teraguchi, D. Boneh, and J. C. Mitchell, Client-side Defense against Web-Based Identity Theft, p.4, 2004.

R. Dhamija and J. Tygar, The battle against phishing, Proceedings of the 2005 symposium on Usable privacy and security, SOUPS '05, 2005.
DOI: 10.1145/1073001.1073009

N. Jovanovic, C. Kruegel, and E. Kirda, Preventing Cross Site Request Forgery Attacks, 2006 Securecomm and Workshops, 2006.
DOI: 10.1109/SECCOMW.2006.359531

B. Sterne and A. Barth, Content Security Policy, W3C Working Draft 20111129, 2011.

M. Johns, B. Braun, M. Schrank, and J. Posegga, Reliable protection against session fixation attacks, Proceedings of the 2011 ACM Symposium on Applied Computing, SAC '11, 2011.
DOI: 10.1145/1982185.1982511

H. Lockhart and B. Campbell, SAML V2.0. https://www.oasis-open, 2008.

T. Tong and D. Evans, GuarDroid: A Trusted Path for Password Entry, 2013.

B. Braun, S. Kucher, M. Johns, and J. Posegga, A User-Level Authentication Scheme to Mitigate Web Session-Based Vulnerabilities, 2012.
DOI: 10.1007/978-3-642-32287-7_2