Users are not the enemy, Commun. ACM, vol.42, pp.40-46, 1999. ,
DOI : 10.1145/322796.322806
Lightweight protection against brute force login attacks on web applications, Eighth Annual International Conference on. IEEE, pp.181-188, 2010. ,
DOI : 10.1109/pst.2010.5593241
Avoiding the top 10 software security design flaws, 2014. ,
Electronic authentication guideline, 2004. ,
Designing human friendly human interaction proofs (HIPs), Proceedings of the SIGCHI conference on Human factors in computing systems, pp.711-720, 2005. ,
DOI : 10.1145/1054972.1055070
Swaddler: An approach for the anomaly-based detection of state violations in web applications, International Workshop on Recent Advances in Intrusion Detection, pp.63-86, 2007. ,
, Common Weakness Enumeration (CWE), A community-developed List of Software Weakness Types
The seven flaws of identity management: Usability and security challenges, IEEE Security & Privacy, vol.6, 2008. ,
Considering browser interaction in web application testing, Web Site Evolution, pp.74-81, 2003. ,
,
Leveraging user-session data to support web application testing, IEEE Transactions on Software Engineering, vol.31, pp.187-202, 2005. ,
DOI : 10.1109/tse.2005.36
URL : http://people.cs.vt.edu/~fisherii/papers/elbaum-tse05.pdf
Requirements engineering for web applications-a comparative study, J. Web Eng, vol.2, pp.193-212, 2004. ,
, OWASP Foundation, Business Logic Security Cheat Sheet
, OWASP Foundation
Seven business logic flaws that put your website at risk. WhiteHat Security, 2007. ,
Introducing mobile connect -the new standard in digital authenti ,
Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art, International Journal of System Assurance Engineering and Management, vol.8, pp.512-530, 2017. ,
The S/KEY one-time password system, 1995. ,
DOI : 10.17487/rfc1760
URL : https://www.rfc-editor.org/rfc/pdfrfc/rfc1760.txt.pdf
The OAuth 2.0 authorization framework, 2012. ,
Taxonomies of attacks and vulnerabilities in computer systems, IEEE Communications Surveys & Tutorials, vol.10, p.1, 2008. ,
, 2012-09-07. Entity Authentication assurance framework
Susceptibility matrix: A new aid to software auditing, IEEE Security & Privacy, vol.2, issue.2, pp.16-21, 2004. ,
DOI : 10.1109/msecp.2004.1281240
Pixy: A static analysis tool for detecting web application vulnerabilities, 2006. ,
DOI : 10.1109/sp.2006.29
Hack any skype account in 6 easy steps ,
BLOCK: a black-box approach for detection of state violation attacks towards web applications, Proceedings of the 27th Annual Computer Security Applications Conference, pp.247-256, 2011. ,
A framework for behavior-based detection of user substitution in a mobile context. computers & security, vol.26, pp.154-176, 2007. ,
Web application security engineering, IEEE Security & Privacy, vol.4, issue.4, pp.16-24, 2006. ,
DOI : 10.1109/msp.2006.109
Toward Black-Box Detection of Logic Flaws in Web Applications, NDSS, 2014. ,
OpenID 2.0: a platform for usercentric identity management, Proceedings of the second ACM workshop on Digital identity management, pp.11-16, 2006. ,
DOI : 10.1145/1179529.1179532
A taxonomy of SQL injection detection and prevention techniques, Informatics and Creative Multimedia (ICICM), 2013 International Conference on. IEEE, pp.53-56, 2013. ,
Transforming the 'weakest link' a human/computer interaction approach to usable and effective security, BT technology journal, vol.19, pp.122-131, 2001. ,
Eliciting security requirements with misuse cases, Requirements engineering, vol.10, pp.34-44, 2005. ,
DOI : 10.1007/s00766-004-0194-4
Security requirements for the rest of us: A survey, IEEE software, vol.25, p.1, 2008. ,
Security Levels for Web Authentication Using Mobile Phones, Privacy and Identity Management for Life -6th IFIP WG 9, 2010. ,
DOI : 10.1007/978-3-642-20769-3_11
URL : https://hal.archives-ouvertes.fr/hal-01559465
, Web Application Security Consortium (WASC)
User interaction design for secure systems, International Conference on Information and Communications Security, pp.278-290, 2002. ,
DOI : 10.1007/3-540-36159-6_24
URL : http://nma.berkeley.edu/ark:/28722/bk0005s3t3z