WebSecBiblio.bib

% This file was created with JabRef 2.6.
% Encoding: ASCII

@INPROCEEDINGS{cfi,
  author = {Martin Abadi and Mihai Budiu and Ulfar Erlingsson and Jay Ligatti},
  title = {Control-Flow Integrity: Principles, Implementations, and Applications},
  booktitle = {ACM Conference on Computer and Communications Security ({CCS})},
  year = {2005},
  month = {November}
}

@MISC{firefox-severity,
  author = {Lucas Adamski},
  title = {{Security Severity Ratings}},
  howpublished = {\url{https://wiki.mozilla.org/Security_Severity_Ratings}}
}

@INPROCEEDINGS{beamauth,
  author = {Ben Adida},
  title = {Beam{A}uth: Two-Factor Web Authentication with a Bookmark},
  booktitle = {Proceedings of the 14th ACM Conference on Computer and Communication
	Security (CCS)},
  year = {2007}
}

@INPROCEEDINGS{jsrootkits,
  author = {Ben Adida and Adam Barth and Collin Jackson},
  title = {{Rootkits for JavaScript Environments}},
  booktitle = {{3rd USENIX Workshop on Offensive Technologies}},
  year = {2009},
  date-added = {2009-08-31 21:29:50 -0700},
  date-modified = {2009-09-12 22:11:08 -0700}
}

@SPECIFICATION{crossdomain-spec,
  title = {Cross-domain policy file specification},
  key = {adobe-crossdomain.xml},
  author = {Adobe Systems, Inc.},
  note = {\url{http://learn.adobe.com/wiki/download/attachments/64389123/CrossDomain_PolicyFile_Specification.pdf?version=1}},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@INPROCEEDINGS{captcha,
  author = {Luis von Ahn and Manuel Blum, Nick Hopper and John Langford},
  title = {{CAPTCHA}: Using Hard {AI} Problems for Security},
  booktitle = {Eurocrypt 2003}
}

@MISC{airey-repudiate,
  author = {David Airey},
  title = {An informal chat with {Google}},
  month = {March},
  year = {2008},
  note = {\url{http://www.davidairey.com/google-site-links-gmail-hack-search-penalty/}}
}

@MISC{airey,
  author = {David Airey},
  title = {Google's {Gmail} security failure leaves my business sabotaged},
  month = {December},
  year = {2007},
  note = {\url{http://www.davidairey.co.uk/google-gmail-security-hijack/}}
}

@MISC{Anley2002,
  author = {Chris Anley},
  title = {Advanced SQL Injection In SQL Server Applications},
  howpublished = {Online},
  year = {2002},
  note = {\url{http://www.nccgroup.com/Libraries/Document_Downloads/Advanced_SQL_Injection_in_SQL_Server_Applications.sflb.ashx}},
  owner = {hodges},
  timestamp = {2011.04.23}
}

@SPECIFICATION{dnssec-4033,
  title = {DNS security introduction and requirements},
  author = {Roy Arends and Rob Austein and Matt Larson and Dan Massey and Scott
	Rose},
  edition = {RFC 4033},
  month = {March},
  organization = {IETF},
  year = {2005},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@SPECIFICATION{dnssec-4034,
  title = {Resource records for the DNS security extensions},
  author = {Roy Arends and Rob Austein and Matt Larson and Dan Massey and Scott
	Rose},
  edition = {RFC 4034},
  month = {March},
  organization = {IETF},
  year = {2005},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@SPECIFICATION{dnssec-4035,
  title = {Protocol Modifications for the DNS Security Extensions},
  author = {Roy Arends and Rob Austein and Matt Larson and Dan Massey and Scott
	Rose},
  edition = {RFC 4035},
  month = {March},
  organization = {IETF},
  year = {2005},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@INPROCEEDINGS{codeinject,
  author = {Elias Athanasopoulos and Vasilis Pappas and Evangelos P. Markatos},
  title = {Code-Injection Attacks in Browsers Supporting Policies},
  booktitle = {Proceedings of the IEEE Web 2.0 Security and Privacy Workshop, 2009},
  year = {2009},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@MISC{csrf-captcha,
  author = {Robert Auger},
  title = {The Cross-Site Request Forgery ({CSRF/XSRF}) {FAQ}},
  year = {2007},
  note = {\url{http://www.cgisecurity.com/articles/csrf-faq.shtml}}
}

@ARTICLE{nytimesaol,
  author = {Michael Barbaro and Tom Zeller Jr.},
  title = {A Face Is Exposed for {AOL} Searcher No.~4417749},
  journal = {The New York Times},
  year = {2006},
  month = {August},
  note = {\url{http://www.nytimes.com/2006/08/09/technology/09aol.htm}},
  day = {9}
}

@OTHER{chromium,
  author = {Adam Barth},
  date-added = {2009-06-15 20:37:16 -0700},
  date-modified = {2009-06-15 20:37:33 -0700},
  title = {{Severity Guidelines for Security Issues:} http://dev.chromium.org/developers/severity-guidelines}
}

@INPROCEEDINGS{sniff,
  author = {Adam Barth and Juan Caballero and Dawn Song},
  title = {Secure Content Sniffing for Web Browsers {\em or} How to Stop Papers
	from Reviewing Themselves},
  booktitle = {Proceedings of the 30th IEEE Symposium on Security \& Privacy},
  year = {2009},
  address = {Oakland, CA},
  month = may
}

@INPROCEEDINGS{websec-extvulns,
  author = {Adam Barth and Adrienne Porter Felt and Prateek Saxena and Aaron
	Boodman},
  title = {Protecting Browsers from Extension Vulnerabilities},
  booktitle = {Proceedings of the 17th Annual Network \& Distributed System Security
	Symposium},
  year = {2010},
  owner = {hodges},
  timestamp = {2010.03.17}
}

@SPECIFICATION{barth-origin-spec,
  title = {The Web Origin Concept},
  author = {Adam Barth and Collin Jackson and Ian Hickson},
  edition = {Internet-Draft},
  publisher = {IETF},
  year = {2009},
  note = {\url{http://tools.ietf.org/html/draft-abarth-origin}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@INPROCEEDINGS{postmash,
  author = {Adam Barth and Collin Jackson and William Li},
  title = {{Attacks on JavaScript Mashup Communication}},
  booktitle = {{Proceedings of the Web 2.0 Security and Privacy 2009}},
  year = {2009},
  date-modified = {2009-12-06 13:55:07 -0800}
}

@INPROCEEDINGS{post-message,
  author = {Adam Barth and Collin Jackson and John C. Mitchell},
  title = {{Securing Frame Communication in Browsers}},
  booktitle = {{Proceedings of the 17th USENIX Security Symposium}},
  year = {2008},
  date-modified = {2009-09-12 22:10:52 -0700}
}

@INPROCEEDINGS{robustdefensescsrf,
  author = {Adam Barth and Collin Jackson and John C. Mitchell},
  title = {Robust Defenses for Cross-Site Request Forgery},
  booktitle = {Proceedings of ACM Conference on Computer and Communications Security
	(CCS)},
  year = {2008},
  month = {October}
}

@MISC{session-swapping,
  author = {Adam Barth and Collin Jackson and John C. Mitchell},
  title = {Session Swapping: Login Cross-Site Request Forgery},
  month = {March},
  year = {2008},
  note = {Manuscript}
}

@TECHREPORT{kr,
  author = {Adam Barth and Collin Jackson and Charles Reis and {The Google Chrome
	Team}},
  title = {{The Security Architecture of the Chromium Browser}},
  institution = {Google},
  year = {2008},
  date-added = {2009-09-17 23:09:59 -0700},
  date-modified = {2009-12-06 13:55:43 -0800}
}

@INPROCEEDINGS{heapgraph,
  author = {Adam Barth and Joel Weinberger and Dawn Song},
  title = {{Cross-Origin JavaScript Capability Leaks: Detection, Exploitation,
	and Defense}},
  booktitle = {USENIX Security Symposium},
  year = {2009},
  date-added = {2009-09-17 20:15:01 -0700},
  date-modified = {2009-09-17 20:15:35 -0700}
}

@MISC{minefieldsucks,
  author = {Mike Beltzner and others},
  title = {Create preference which restores per-page SSL error override option
	for IT professionals},
  note = {\url{https://bugzilla.mozilla.org/show_bug.cgi?id=399275}}
}

@MISC{rfc1945,
  author = {Tim Berners-Lee and Roy Fielding and Henrik Frystyk},
  title = {{Hypertext Transfer Protocol---HTTP/1.0}},
  howpublished = {IETF RFC 1945},
  month = {May},
  year = {1996}
}

@INPROCEEDINGS{BiddleEVcertStudy,
  author = {Robert Biddle and P.C. van Oorschot and Andrew S. Patrick and Jennifer
	Sobey and Tara Whalen},
  title = {Browser Interfaces and Extended Validation SSL Certificates: An Empirical
	Study},
  booktitle = {Proceedings of the 2009 ACM Cloud Computing Security Workshop},
  year = {2009},
  organization = {ACM},
  owner = {hodges},
  timestamp = {2010.04.27}
}

@OTHER{chromeinject,
  author = {BitDefender},
  date-added = {2009-05-12 22:15:17 -0700},
  date-modified = {2009-05-12 22:15:48 -0700},
  title = {Trojan.PWS.ChromeInject.B: http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html},
  urldate = {28 November 2008}
}

@MISC{gmailchecker,
  author = {Aaron Boodman and Eric Kay},
  title = {{Google Mail Checker}},
  howpublished = {\\ \url{http://code.google.com/chrome/extensions/samples.html}},
  date-added = {2009-12-07 17:16:48 -0800},
  date-modified = {2009-12-07 17:18:08 -0800}
}

@ARTICLE{breach-whid-2009-aug,
  author = {Breach Security, Inc.},
  title = {THE WEB HACKING INCIDENTS DATABASE 2009},
  year = {2009},
  month = {August},
  note = {url{http://www.breach.com/resources/whitepapers/downloads/WP_TheWebHackingIncidents-2009.pdf}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@OTHER{bho,
  author = {{CA}},
  date-added = {2009-05-13 01:06:29 -0700},
  date-modified = {2009-05-13 01:07:08 -0700},
  title = {{Win32/Clspring Family:} http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=42280},
  urldate = {23 March 2006}
}

@MISC{chase,
  author = {Chase},
  title = {Increased Security},
  note = {\url{http://www.chase.com/ccpmapp/shared/assets/page/occ_alert}}
}

@INPROCEEDINGS{script-accenting,
  author = {Shuo Chen and David Ross and Yi-Min Wang},
  title = {An analysis of browser domain-isolation bugs and a light-weight transparent
	defense mechanism},
  booktitle = {CCS '07: Proceedings of the 14th ACM conference on Computer and communications
	security},
  year = {2007},
  pages = {2--11},
  address = {New York, NY, USA},
  publisher = {ACM}
}

@INPROCEEDINGS{scriptaccenting,
  author = {Shuo Chen and Yi-Min Wang and David Ross},
  title = {An Analysis of Browser Domain-Isolation Bugs and A Light-Weight Transparent
	Defense Mechanism},
  booktitle = {Proc. ACM Conference on Computer and Communications Security (CCS)},
  year = {2007}
}

@INPROCEEDINGS{SIF,
  author = {Stephen Chong and K. Vikram and Andrew C. Myers},
  title = {{SIF}: Enforcing Confidentiality and Integrity in Web Applications},
  booktitle = {Proc. USENIX Security Symposium},
  year = {2007}
}

@INPROCEEDINGS{spoofguard,
  author = {N. Chou and R. Ledesma and Y. Teraguchi and J. Mitchell},
  title = {Client-side defense against web-based identity theft},
  booktitle = {Proceedings of the 11th Annual Network and Distributed Systems Security
	Symposium (NDSS)},
  year = {2004}
}

@MISC{petname-toolbar,
  author = {Tyler Close},
  title = {Petname Tool},
  note = {\url{http://www.waterken.com/user/PetnameTool/}}
}

@MISC{yurl,
  author = {Tyler Close},
  title = {Decentralized Identification},
  note = {\url{http://www.waterken.com/dev/YURL/}}
}

@MISC{CERT-2000-02-XSS,
  author = {{Computer Emergency Response Team (CERT)}},
  title = {Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests},
  howpublished = {Online},
  month = {February},
  year = {2000},
  note = {\url{http://www.cert.org/advisories/CA-2000-02.html}},
  owner = {hodges},
  timestamp = {2011.04.23}
}

@SPECIFICATION{netscape-cookies-spec,
  title = {PERSISTENT CLIENT STATE {HTTP} COOKIES},
  author = {Netscape Communications Corporation.},
  year = {undated},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@INPROCEEDINGS{tahoma,
  author = {R. S. Cox and J. G. Hansen and S. D. Gribble and H. M. Levy},
  title = {A safety-oriented platform for web applications},
  booktitle = {IEEE Symposium on Security and Privacy},
  year = {2006},
  date-added = {2009-05-13 00:22:34 -0700},
  date-modified = {2009-05-13 00:23:15 -0700}
}

@INPROCEEDINGS{omash,
  author = {Steven Crites and Francis Hsu and Hao Chen},
  title = {OMash: {Enabling} secure web mashups via object abstractions},
  booktitle = {CCS '08: Proceedings of the 15th ACM conference on Computer and communications
	security},
  year = {2008},
  pages = {99--108},
  publisher = {ACM}
}

@MISC{adsafe,
  author = {Douglas Crockford},
  title = {{ADsafe}},
  note = {\url{http://adsafe.org/}}
}

@MISC{adsafe-dom,
  author = {Douglas Crockford},
  title = {{ADsafe DOM API}},
  xnote = {\\ \url{http://adsafe.org/dom.html}}
}

@MISC{jslint,
  author = {Douglas Crockford},
  title = {{JSLint}},
  note = {\url{http://jslint.com/}}
}

@MISC{jsonrequest,
  author = {Douglas Crockford},
  title = {{JSONRequest}},
  year = {2006},
  note = {\url{http://json.org/JSONRequest.html}}
}

@MISC{moduletag,
  author = {Douglas Crockford},
  title = {The $<$module$>$ tag: A proposed solution to the mashup security
	problem},
  year = {2006},
  note = {\url{http://www.json.org/module.html}}
}

@BOOK{daswani-book,
  title = {Foundations of Security: What Every Programmer Needs to Know},
  publisher = {Apress},
  year = {2007},
  author = {Neil Daswani and Christoph Kern and Anita Kesavan}
}

@MISC{owasp-session-fixation-protection,
  author = {Rogan Dawes},
  title = {{Session Fixation}},
  year = {2008},
  note = {\url{http://www.owasp.org/index.php/Session_Fixation_Protection}}
}

@MISC{sans-top-20,
  author = {Rohit Dhamankar and others},
  title = {SANS Top-20 Security Risks},
  year = {2007},
  note = {\url{http://www.sans.org/top20/2007/}}
}

@INPROCEEDINGS{dss,
  author = {Rachna Dhamija and J. D. Tygar},
  title = {The Battle Against Phishing: Dynamic Security Skins},
  booktitle = {Proceedings of the 2005 Symposium on Usable Privacy and Security
	(SOUPS)}
}

@INPROCEEDINGS{whyphishingworks,
  author = {Rachna Dhamija and J. D. Tygar and Marti Hearst},
  title = {Why Phishing Works},
  booktitle = {Proceedings of the Conference on Human Factors in Computing Systems
	(CHI)},
  year = {2006}
}

@SPECIFICATION{ietf-tls,
  title = {The Transport Layer Security (TLS) Protocol Version 1.2},
  author = {Tim Dierks and Eric Rescorla},
  month = {August},
  organization = {IETF},
  year = {2008},
  note = {\url{http://www.ietf.org/rfc/rfc5246.txt}},
  owner = {hodges},
  timestamp = {2010.03.21}
}

@ARTICLE{identitymisbinding,
  author = {Whitfield Diffie and Paul C. van Oorschot and Michael J. Wiener},
  title = {Authentication and Authenticated Key Exchanges},
  journal = {Designs, Codes and Cryptography},
  year = {1992},
  volume = {2},
  pages = {107-125},
  number = {2}
}

@INPROCEEDINGS{xax,
  author = {J. R. Douceur and J. Elson and J. Howell and J. R. Lorch},
  title = {Leveraging legacy code to deploy desktop applications on the web},
  booktitle = {USENIX Operating System Design and Implementation},
  year = {2008},
  date-added = {2009-05-13 00:23:16 -0700},
  date-modified = {2009-05-13 00:23:49 -0700}
}

@INPROCEEDINGS{EgelmanPhishWarnStudy,
  author = {Serge Egelman and Lorrie Faith Cranor and Jason Hong},
  title = {You've Been Warned: An Empirical Study of the Effectiveness of Web
	Browser Phishing Warnings},
  booktitle = {CHI 2008, April 5 - 10, 2008, Florence, Italy},
  year = {2008},
  organization = {ACM},
  owner = {hodges},
  timestamp = {2010.04.27}
}

@MISC{Endler2002,
  author = {David Endler},
  title = {The Evolution of Cross-Site Scripting Attacks},
  howpublished = {Online},
  month = {May},
  year = {2002},
  note = {\url{http://www.net-security.org/dl/articles/XSS.pdf}},
  owner = {hodges},
  timestamp = {2011.04.23}
}

@INPROCEEDINGS{webappsec-e2e,
  author = {Ulfar Erlingsson and Benjamin Livshits and Yinglian Xie},
  title = {End-to-end Web Application Security},
  booktitle = {Proceedings of 11th Workshop on Hot Topics in Operating Systems ({HotOS
	XI})},
  year = {2007},
  organization = {USENIX},
  note = {\url{http://www.usenix.org/event/hotos07/tech/full_papers/erlingsson/erlingsson.pdf}},
  owner = {hodges},
  timestamp = {2010.03.17}
}

@INPROCEEDINGS{xfi,
  author = {{\'{U}}lfar Erlingsson and Mart{\'\i}n Abadi and Michael Vrable and
	Mihai Budiu and George C. Necula},
  title = {{XFI}: Software Guards for System Address Spaces},
  booktitle = {Symposium on Operating System Design and Implementation (OSDI)},
  year = {2006}
}

@MISC{FBJS,
  author = {Facebook},
  title = {FBJS},
  note = {\url{http://wiki.developers.facebook.com/index.php/FBJS}}
}

@MISC{fbml,
  author = {Facebook},
  title = {Facebook {M}arkup {L}anguage ({FBML})},
  xnote = {\url{http://wiki.developers.facebook.com/index.php/FBML}}
}

@INPROCEEDINGS{congame,
  author = {E. W. Felten and D. Balfanz and D. Dean and D. S. Wallach},
  title = {{Web Spoofing: An Internet Con Game}},
  booktitle = {20th National Information Systems Security Conference},
  year = {1997},
  month = {October},
  location = {Maryland}
}

@INPROCEEDINGS{felten97congame,
  author = {Edward W. Felten and Dirk Balfanz and Drew Dean and Dan S. Wallach},
  title = {{Web Spoofing: An Internet Con Game}},
  booktitle = {20th National Information Systems Security Conference},
  year = {1997},
  month = {October},
  location = {Maryland}
}

@MISC{rfc1808,
  author = {R. Fielding},
  title = {{Relative Uniform Resource Locators}},
  howpublished = {IETF RFC 1808},
  month = {June},
  year = {1995}
}

@MISC{openid2-spec,
  author = {Brad Fitzpatrick and David Recordon and Dick Hardt and Johnny Bufu
	and Josh Hoyt and others},
  title = {{OpenID} Authentication 2.0},
  month = {December},
  year = {2007},
  note = {\url{http://openid.net/specs/openid-authentication-2_0.html}}
}

@BOOK{xss-book,
  title = {XSS Attacks: Cross Site Scripting Exploits and Defense},
  publisher = {Syngress},
  year = {2007},
  author = {Seth Fogie and Jeremiah Grossman and Robert Hansen and Anton Rager
	and Petko D. Petkov},
  pages = {480}
}

@MISC{evguidelines,
  author = {Certificate Authority Browser Forum},
  title = {Extended Validation Certificate Guidelines},
  note = {\url{http://cabforum.org/EV_Certificate_Guidelines.pdf}}
}

@INPROCEEDINGS{GRASP,
  author = {Ariel Futoransky and Ezequiel Gutesman and Ariel Waissbein},
  title = {{A dynamic technique for enhancing the security and privacy of web
	applications}},
  booktitle = {Black Hat},
  year = {2007},
  month = {August},
  location = {Las Vegas}
}

@ARTICLE{homograph,
  author = {E. Gabrilovich and A. Gontmakher},
  title = {{The Homograph Attack}},
  journal = {Communications of the ACM},
  year = {2002},
  volume = {45},
  number = {2},
  page = {128}
}

@ARTICLE{csrf-cpanel-netgear-linksys,
  author = {Dan Goodin},
  title = {cPanel, Netgear and Linksys susceptible to nasty attack - Unholy
	Trinity},
  journal = {The Register},
  year = {2009},
  note = {\url{http://www.theregister.co.uk/2009/08/02/unholy_trinity_csrf/}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@ARTICLE{GoodinIE8Flaw,
  author = {Dan Goodin},
  title = {Major {IE8} flaw makes 'safe' sites unsafe - Microsoft's {XSS} buster
	busted},
  journal = {The Register},
  year = {2009},
  month = {November},
  note = {\url{http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/}},
  owner = {hodges},
  timestamp = {2010.03.21}
}

@OTHER{chrome,
  author = {Google},
  date-added = {2009-05-13 01:02:19 -0700},
  date-modified = {2009-05-13 01:02:49 -0700},
  title = {{Chrome Extension HOWTO}: http://dev.chromium.org/developers/design-documents/extensions/howto},
  urldate = {12 May 2009}
}

@MISC{chromegallery,
  author = {Google},
  title = {{Google Chrome Extensions: Most popular gallery}},
  howpublished = {\url{https://chrome.google.com/extensions/list/popular}},
  date-added = {2009-12-16 18:34:50 -0800},
  date-modified = {2009-12-16 18:35:12 -0800}
}

@MISC{gwt-security,
  author = {Google},
  title = {{Security for GWT Applications}},
  note = {\url{http://groups.google.com/group/Google-Web-Toolkit/web/security-for-gwt-applications}}
}

@MISC{google-chrome,
  author = {Google},
  title = {{Google Chrome}},
  howpublished = {Web},
  year = {undated},
  note = {\url{http://www.google.com/chrome}},
  owner = {hodges},
  timestamp = {2010.03.21}
}

@MISC{blackhatdemo,
  author = {Robert Graham},
  title = {Sidejacking with {H}amster},
  month = {August},
  year = {2007},
  note = {\url{http://erratasec.blogspot.com/2007/08/sidejacking-with-hamster_05.html}}
}

@INPROCEEDINGS{love-plugins,
  author = {Chris Grier and Samuel T. King and Dan S. Wallach},
  title = {{How I Learned to Stop Worrying and Love Plugins}},
  booktitle = {{Web 2.0 Security and Privacy}},
  year = {2009},
  date-added = {2009-09-13 22:18:09 -0700},
  date-modified = {2009-09-13 22:18:58 -0700}
}

@INPROCEEDINGS{op-browser,
  author = {Chris Grier and Shuo Tang and Samuel T. King},
  title = {{Secure Web Browsing with the OP Web Browser}},
  booktitle = {{IEEE Symposium on Security and Privacy}},
  year = {2008},
  date-modified = {2009-09-12 22:12:20 -0700}
}

@MISC{clickjacking,
  author = {Jeremiah Grossman},
  title = {Clickjacking: {Web} pages can see and hear you},
  month = {October},
  year = {2008},
  xnote = {\url{http://jeremiahgrossman.blogspot.com/2008/10/clickjacking-web-pages-can-see-and-hear.html}}
}

@MISC{magicquotes,
  author = {The PHP Group},
  title = {Magic Quotes},
  note = {\url{http://php.net/magic_quotes}}
}

@INPROCEEDINGS{pwdmultiplier,
  author = {J. A. Halderman and Brent Waters and Edward W. Felten},
  title = {A Convenient Method for Securely Managing Passwords},
  booktitle = {Proceedings of the 14th International World Wide Web Conference (WWW)},
  year = {2005}
}

@INPROCEEDINGS{Halfond2006,
  author = {William G. J. Halfond and Jeremy Viegas and Alessandro Orso},
  title = {A Classification of SQL Injection Attacks and Countermeasures},
  booktitle = {International Symposium on Secure Software Engineering},
  year = {2006},
  organization = {IEEE},
  note = {\url{http://www.cc.gatech.edu/fac/Alex.Orso/papers/halfond.viegas.orso.ISSSE06.pdf}},
  owner = {hodges},
  timestamp = {2011.04.23}
}

@TECHREPORT{dCSRF-defined,
  author = {Nathan Hamiel and Shawn Moyer},
  title = {Dynamic Cross-Site Request Forgery - A Per-Request Approach to Session
	Riding},
  institution = {Hexagon Security Group},
  year = {2009},
  month = {July},
  note = {\url{http://hexsec.com/docs/Dynamic_CSRF_rev1.pdf}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@MISC{igoogle-blackhat,
  author = {Robert Hansen and Tom Stracener},
  title = {Xploiting {Google} Gadgets: {Gmalware} and Beyond},
  month = {August},
  year = {2008},
  note = {Black Hat briefing}
}

@ARTICLE{confused-deputy,
  author = {Norm Hardy},
  title = {The Confused Deputy: (or why capabilities might have been invented)},
  journal = {SIGOPS Oper. Syst. Rev.},
  year = {1988},
  volume = {22},
  pages = {36--38},
  number = {4},
  address = {New York, NY, USA},
  publisher = {ACM}
}

@ARTICLE{keykos,
  author = {Norm Hardy},
  title = {The Keykos Architecture},
  journal = {Operating Systems Review},
  year = {1985},
  address = {New York, NY, USA},
  publisher = {ACM}
}

@MISC{block-referer-headers-firefox,
  author = {Elliotte Rusty Harold},
  title = {Privacy Tip \#3: Block {Referer} Headers in {Firefox}},
  month = {October},
  year = {2006},
  note = {\url{http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/}}
}

@MISC{minefieldrocks,
  author = {Frank Hecker and others},
  title = {Improve error reporting for invalid-certificate errors},
  note = {\url{https://bugzilla.mozilla.org/show_bug.cgi?id=327181}}
}

@MISC{csrfx,
  author = {Mario Heiderich},
  title = {{CSRFx}},
  year = {2007},
  note = {\url{http://php-ids.org/category/csrfx/}}
}

@MISC{hixie,
  author = {Ian Hickson},
  title = {{DOM Core Performance, Test 1}},
  howpublished = {\\ \url{http://www.hixie.ch/tests/adhoc/perf/dom/artificial/core/001.html}},
  date-added = {2009-12-06 18:27:11 -0800},
  date-modified = {2009-12-06 18:28:39 -0800}
}

@MISC{html5-spec,
  author = {Ian Hickson and others},
  title = {{HTML 5 Working Draft}},
  xnote = {\\ \url{http://www.whatwg.org/specs/web-apps/current-work/}}
}

@MISC{postmessage,
  author = {Ian Hickson and others},
  title = {Cross-Document Messaging},
  note = {\url{http://www.w3.org/html/wg/html5/\#crossDocumentMessages}}
}

@SPECIFICATION{STS-spec,
  title = {Strict Transport Security},
  author = {Jeff Hodges and Collin Jackson and Adam Barth},
  edition = {draft},
  month = {December},
  year = {2009},
  note = {\url{http://lists.w3.org/Archives/Public/www-archive/2009Dec/att-0048/draft-hodges-strict-transport-sec-06.plain.html}},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@MISC{holevoet,
  author = {Dan Holevoet},
  title = {Changes to inline gadgets},
  month = {August},
  year = {2008},
  note = {\url{http://igoogledeveloper.blogspot.com/2008/08/changes-to-inlined-gadgets.html}}
}

@MISC{verisign06ev,
  author = {VeriSign Inc.},
  title = {{VeriSign Certification Practice Statement}},
  month = {November},
  year = {2006},
  note = {\url{http://www.verisign.com/repository/CPS/VeriSignCPSv3.3.pdf}},
  day = {15},
  pages = {80--84}
}

@MISC{jsonrequest-for-firefox,
  author = {Collin Jackson},
  title = {{JSONRequest for Firefox}},
  year = {2006},
  note = {\url{http://json.org/JSONRequest.html}}
}

@MISC{security-restricted-framebust,
  author = {Collin Jackson},
  title = {Defeating Frame Busting Techniques},
  year = {2005},
  note = {\url{http://crypto.stanford.edu/framebust/}}
}

@INPROCEEDINGS{bofgo,
  author = {Collin Jackson and Adam Barth},
  title = {Beware of Finer-Grained Origins},
  booktitle = {{Web 2.0 Security and Privacy}},
  year = {2008},
  date-added = {2009-09-17 20:03:24 -0700},
  date-modified = {2009-09-17 20:04:15 -0700}
}

@INPROCEEDINGS{forcehttps,
  author = {Collin Jackson and Adam Barth},
  title = {{ForceHTTPS}: Protecting High-Security Web Sites from Network Attacks},
  booktitle = {Proceedings of the 17th International World Wide Web Conference (WWW)},
  year = {2008},
  month = {April}
}

@MISC{safelock,
  author = {Collin Jackson and Adam Barth},
  title = {{SafeLock}: Preventing Origin Contamination by Mixed Content},
  year = {2008},
  note = {\url{http://crypto.stanford.edu/websec/safelock}}
}

@INPROCEEDINGS{dns-rebinding,
  author = {Collin Jackson and Adam Barth and Andrew Bortz and Weidong Shao and
	Dan Boneh},
  title = {Protecting Browsers from {DNS} Rebinding Attacks},
  booktitle = {Proceedings of the 14th ACM Conference on Computer and Communications
	Security (CCS 2007)},
  year = {2007},
  month = {November}
}

@INPROCEEDINGS{jacksonhistorystealing,
  author = {Collin Jackson and Andrew Bortz and Dan Boneh and John C. Mitchell},
  title = {Protecting Browser State from Web Privacy Attacks},
  booktitle = {Proceedings of the 15th International World Wide Web Conference (WWW)},
  year = {2006},
  month = {May},
  date-modified = {2009-09-13 22:48:09 -0700}
}

@INPROCEEDINGS{JacksonEVcertStudy,
  author = {Collin Jackson and Dan Simon and Desney Tan and Adam Barth},
  title = {An Evaluation of Extended Validation and Picture-in-Picture Phishing
	Attacks},
  booktitle = {Proceedings of the 2007 Workshop on Usable Security (USEC 2007)},
  year = {2007},
  owner = {hodges},
  timestamp = {2010.04.27}
}

@INPROCEEDINGS{subspace,
  author = {Collin Jackson and Helen J. Wang},
  title = {Subspace: Secure Cross-Domain Communication for Web Mashups},
  booktitle = {Proceedings of the 16th International World Wide Web Conference.
	(WWW)},
  year = {2007}
}

@MISC{beep-webpage,
  author = {Trevor Jim and Nikhil Swamy and Michael Hicks},
  title = {{BEEP}: Browser-Enforced Embedded Policies},
  howpublished = {Web},
  note = {\url{http://www2.research.att.com/~trevor/beep.html}},
  owner = {hodges},
  timestamp = {2010.03.17}
}

@INPROCEEDINGS{beep,
  author = {Trevor Jim and Nikhil Swamy and Michael Hicks},
  title = {Defeating Script Injection Attacks with Browser-Enforced Embedded
	Policies},
  booktitle = {Proceedings of the 14th International World Wide Web Conference (WWW)},
  year = {2007}
}

@INPROCEEDINGS{RequestRodeo,
  author = {Martin Johns and Justus Winter},
  title = {{RequestRodeo}: Client Side Protection against Session Riding},
  booktitle = {Proceedings of the OWASP Europe 2006 Conference},
  year = {2006},
  pages = {5--17},
  month = {May}
}

@MISC{johnson-referer-header,
  author = {Aaron Johnson},
  title = {The {Referer} header, intranets and privacy},
  month = {February},
  year = {2007},
  note = {\url{http://cephas.net/blog/2007/02/06/the-referer-header-intranets-and-privacy/}}
}

@MISC{cookie-injection,
  author = {Paul Johnston and Richard Moore},
  title = {Multiple Browser Cookie Injection Vulnerabilities},
  month = {September},
  year = {2004},
  note = {\url{http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt}}
}

@INPROCEEDINGS{csrf,
  author = {Nenad Jovanovic and Engin Kirda and Christopher Kruegel},
  title = {Preventing Cross Site Request Forgery Attacks},
  booktitle = {Proceedings of the IEEE International Conference on Security and
	Privacy for Emerging Areas in Communication Networks (Securecomm)},
  year = {2006}
}

@INPROCEEDINGS{noforge,
  author = {Nenad Jovanovic and Engin Kirda and Christopher Kruegel},
  title = {Preventing Cross Site Request Forgery Attacks},
  booktitle = {IEEE International Conference on Security and Privacy in Communication
	Networks (SecureComm)},
  year = {2006}
}

@INPROCEEDINGS{pixy,
  author = {N. Jovanovic and C. Kruegel and E. Kirda},
  title = {Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities},
  booktitle = {IEEE Symposium on Security and Privacy},
  year = {2006},
  location = {Oakland}
}

@INPROCEEDINGS{locked-sop,
  author = {Chris Karlof and Umesh Shankar and J. D. Tygar and David Wagner},
  title = {Dynamic Pharming Attacks and Locked Same-Origin Policies for Web
	Browsers},
  booktitle = {Proceedings of the 14th ACM Conference on Computer and Communications
	Security (CCS 2007)},
  year = {2007},
  month = {November}
}

@SPECIFICATION{cors,
  title = {Cross-Origin Resource Sharing (CORS)},
  author = {Anne van Kesteren},
  edition = {W3C Working Draft},
  month = {March},
  organization = {w3c},
  year = {2009},
  note = {\url{http://www.w3.org/TR/2009/WD-cors-20090317/}},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@MISC{cross-site-xhr,
  author = {Anne van Kesteren and others},
  title = {Access Control for Cross-site Requests},
  note = {\url{http://www.w3.org/TR/access-control/}}
}

@INPROCEEDINGS{noxes,
  author = {Engin Kirda and Christopher Kruegel and Giovanni Vigna and Nenad
	Jovanovic},
  title = {Noxes: A Client-Side Solution for Mitigating Cross Site Scripting
	Attacks},
  booktitle = {Proceedings of the 21st ACM Symposium on Applied Computing (SAC)},
  year = {2006}
}

@ARTICLE{popular,
  author = {kkovash},
  title = {{How Many Firefox Users Customize Their Browser?}},
  journal = {Blog of Metrics},
  year = {2009},
  date-added = {2009-09-12 21:53:40 -0700},
  date-modified = {2009-09-12 21:54:23 -0700}
}

@MISC{klein-referrer-spoofing,
  author = {Amit Klein},
  title = {{Exploiting the XMLHttpRequest object in IE---Referrer spoofing and
	a lot more\ldots}},
  month = {September},
  year = {2005},
  note = {\url{http://www.cgisecurity.com/lib/XmlHTTPRequest.shtml}}
}

@MISC{quirksmode-framebust,
  author = {Peter-Paul Koch},
  title = {Frame Busting},
  note = {\\ \url{http://www.quirksmode.org/js/framebust.html}}
}

@MISC{framebusting,
  author = {Peter-Paul Koch},
  title = {Frame Busting},
  year = {2004},
  note = {\url{http://www.quirksmode.org/js/framebust.html}}
}

@INPROCEEDINGS{ask-dan,
  author = {Hugo Krawczyk},
  title = {{SIGMA}: the {'SIGn-and-MAc'} Approach to
	
	Authenticated {Diffie-Hellman}
	
	and its Use in the {IKE} Protocols},
  booktitle = {CRYPTO 2003, LNCS 2729},
  year = {2003}
}

@MISC{rfc2965,
  author = {D. Kristol and L. Montulli},
  title = {{HTTP State Management Mechanism}},
  howpublished = {IETF RFC 2965},
  month = {October},
  year = {2000}
}

@MISC{rfc2109,
  author = {David Kristol and Lou Montulli},
  title = {{HTTP State Management Mechanism}},
  howpublished = {IETF RFC 2109},
  month = {February},
  year = {1997}
}

@INPROCEEDINGS{puppetnets,
  author = {V. T. Lam and Spiros Antonatos and P. Akritidis and Kostas G. Anagnostakis},
  title = {Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure},
  booktitle = {Proceedings of the 13th ACM Conference on Computer and Communication
	Security (CCS)},
  year = {2006},
  month = {October}
}

@ARTICLE{lampson-os-access-control,
  author = {Butler Lampson},
  title = {Protection and Access Control in Operating Systems},
  journal = {Operating Systems: Infotech State of the Art Report},
  year = {1972},
  volume = {14},
  pages = {309--326},
  publisher = {Infotech}
}

@MISC{ie8-frame-options,
  author = {Eric Lawrence},
  title = {IE8 Security Part VII: ClickJacking Defenses},
  howpublished = {Web},
  month = {January},
  year = {2009},
  note = {\url{http://blogs.msdn.com/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx}},
  keywords = {X-FRAME-OPTIONS},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@MISC{ie8-beta2update-nosniff,
  author = {Eric Lawrence},
  title = {IE8 Security Part VI: Beta 2 Update},
  howpublished = {Web},
  month = {September},
  year = {2008},
  note = {\url{http://blogs.msdn.com/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx}},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@BOOK{capabilities,
  title = {Capability-Based Computer Systems},
  publisher = {Digital Press},
  year = {1984},
  author = {H. M. Levy},
  date-added = {2009-05-13 00:24:51 -0700},
  date-modified = {2009-05-13 00:25:18 -0700}
}

@UNPUBLISHED{liverani,
  author = {Roberto Suggi Liverani and Nick Freeman},
  title = {{Abusing Firefox Extensions}},
  note = {Defcon17},
  month = {July},
  year = {2009},
  date-added = {2009-08-31 17:40:50 -0700},
  date-modified = {2009-09-12 22:12:52 -0700}
}

@INPROCEEDINGS{TerLouwHypertxtIso,
  author = {Mike Ter Louw and Prithvi Bisht and V.N. Venkatakrishnan},
  title = {Analysis of Hypertext Isolation Techniques for XSS Prevention},
  booktitle = {The Web 2.0 Security and Privacy Conference},
  year = {2008},
  organization = {IEEE},
  owner = {hodges},
  timestamp = {2010.04.28}
}

@INPROCEEDINGS{venkat,
  author = {M. T. Louw and J. S. Lim and V. N. Venkatakrishnan},
  title = {Enhancing web browser security against malware extensions},
  booktitle = {Journal in Computer Virology},
  year = {August 2008},
  date-added = {2009-05-13 00:02:18 -0700},
  date-modified = {2009-05-13 00:03:30 -0700}
}

@INPROCEEDINGS{javascript-semantics,
  author = {Sergio Maffeis and John C. Mitchell and Ankur Taly},
  title = {An Operational Semantics for {JavaScript}},
  booktitle = {Proceedings of the 6th Asian Programming Language Symposium (APLAS)},
  year = {2008},
  month = {December}
}

@MISC{php-cookieless,
  author = {PHP Manual},
  title = {Session Handling Functions},
  note = {\url{http://www.phpbuilder.com/manual/en/ref.session.php}}
}

@MISC{noscript,
  author = {Giorgio Maone},
  title = {{NoScript}},
  note = {\url{http://noscript.net/}}
}

@SPECIFICATION{abe-rules-spec,
  title = {Application Boundaries Enforcer ({ABE}) {NoScript} Module Rules Syntax
	And Capabilities},
  author = {Giorgio Maone},
  edition = {Version 0.7},
  howpublished = {Web},
  month = {February},
  year = {2010},
  note = {\url{http://noscript.net/abe/abe_rules.pdf}},
  owner = {hodges},
  timestamp = {2010.03.18}
}

@MISC{abe,
  author = {Giorgio Maone},
  title = {{ABE} - Application Boundaries Enforcer},
  year = {2009},
  note = {\url{http://noscript.net/abe/}},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@MISC{abe-webauthor,
  author = {Giorgio Maone},
  title = {{ABE} for Web Authors},
  year = {2009},
  note = {\url{http://noscript.net/abe/web-authors.html}},
  owner = {hodges},
  timestamp = {2010.03.18}
}

@MISC{contentrestrictions,
  author = {Gervase Markham},
  title = {Content restrictions},
  howpublished = {Web},
  month = {March},
  year = {2007},
  note = {\url{http://www.gerv.net/security/content-restrictions/}}
}

@MISC{sslstrip,
  author = {Moxie Marlinspike},
  title = {{SSLSTRIP}},
  howpublished = {Web},
  year = {2009},
  note = {\url{http://www.thoughtcrime.org/software/sslstrip/}},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@INPROCEEDINGS{wske,
  author = {Chris Masone and Kwang-Hyun Baek and Sean Smith},
  title = {{WSKE}: Web Server Key Enabled Cookies},
  booktitle = {Proceedings of Usable Security 2007 (USEC '07)}
}

@OTHER{formspy,
  author = {McAfee},
  date-added = {2009-05-12 22:14:22 -0700},
  date-modified = {2009-05-12 22:18:45 -0700},
  lastchecked = {12 May 2009},
  title = {Form Spy: http://vil.nai.com/vil/content/v\_140256.htm},
  urldate = {25 July 2006}
}

@TECHREPORT{joee,
  author = {A. Mettler and D. Wagner},
  title = {The {Joe-E} Language Specification},
  institution = {{EECS} Department, UC Berkeley},
  year = {2008},
  date-added = {2009-05-13 00:25:21 -0700},
  date-modified = {2009-05-13 00:26:18 -0700}
}

@MISC{msft-ie8,
  author = {Microsoft},
  title = {Internet Explorer 8: Home page},
  note = {\url{http://www.microsoft.com/Windows/internet-explorer/}},
  owner = {hodges},
  timestamp = {2010.03.21}
}

@MISC{phishingfilter,
  author = {Microsoft},
  title = {Phishing Filter Frequently Asked Questions},
  note = {\url{https://phishingfilter.microsoft.com/faq.aspx}}
}

@MISC{requestvalidation,
  author = {Microsoft},
  title = {Request Validation: Preventing Script Attacks},
  note = {\url{http://asp.net/learn/whitepapers/request-validation}}
}

@MISC{xdomainrequest,
  author = {Microsoft},
  title = {{XDomainRequest} Object},
  note = {\url{http://msdn2.microsoft.com/en-us/library/cc288060(VS.85).aspx}}
}

@ARTICLE{httponly-msft-spec,
  author = {Microsoft},
  title = {Mitigating Cross-site Scripting With {HTTP-only} Cookies},
  journal = {MSDN Library},
  year = {undated},
  note = {\url{http://msdn.microsoft.com/en-us/library/ms533046%28VS.85%29.aspx}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@ARTICLE{xss-msft,
  author = {Microsoft},
  title = {Event 1046 - Cross-Site Scripting Filter},
  journal = {MSDN Library},
  year = {undated},
  note = {\url{http://msdn.microsoft.com/en-us/library/dd565647%28VS.85%29.aspx}},
  owner = {hodges},
  timestamp = {2010.03.20}
}

@MISC{protectedmode,
  author = {{Microsoft Developer Network}},
  title = {{Introduction of the Protected Mode API}},
  howpublished = {\url{http://msdn.microsoft.com/en-us/library/ms537319(VS.85).aspx}},
  date-added = {2009-12-06 18:30:31 -0800},
  date-modified = {2009-12-06 18:30:57 -0800}
}

@MISC{taming,
  author = {Mark Miller},
  title = {A Theory of Taming},
  xnote = {\\ \url{http://www.erights.org/elib/legacy/taming.html}}
}

@TECHREPORT{caja,
  author = {M. S. Miller and M. Samuel and B. Laurie and I. Awad and M. Stay},
  title = {Caja: Safe active content in sanitized {JavaScript}},
  institution = {Google},
  year = {2008},
  date-added = {2009-05-13 00:26:26 -0700},
  date-modified = {2009-05-13 00:27:01 -0700}
}

@MISC{CVE-2008-4058,
  author = {Mitre},
  title = {{CVE-2008-4058}},
  xnote = {\url{http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058}}
}

@MISC{CVE-2008-4059,
  author = {Mitre},
  title = {{CVE-2008-4059}},
  xnote = {\url{http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059}}
}

@MISC{CVE-2008-5512,
  author = {Mitre},
  title = {{CVE-2008-5512}},
  xnote = {\url{http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512}}
}

@MISC{mozilla-security-advisory-2005-58,
  author = {{Mozilla Foundation}},
  title = {Security Advisory 2005-58},
  month = {September},
  year = {2005},
  note = {\\\url{http://www.mozilla.org/security/announce/2005/mfsa2005-58.html}},
  date-modified = {2009-09-12 21:51:11 -0700}
}

@OTHER{adblockpop,
  author = {{Mozilla Labs}},
  date-added = {2009-05-12 21:42:59 -0700},
  date-modified = {2009-09-12 21:51:00 -0700},
  title = {Add-on Directory: https://addons.mozilla.org/en-US/firefox/addon/1865},
  urldate = {12 May 2009}
}

@OTHER{addons,
  author = {{Mozilla Labs}},
  date-added = {2009-09-12 21:49:46 -0700},
  date-modified = {2009-09-12 21:50:35 -0700},
  title = {https://addons.mozilla.org},
  urldate = {10 September 2000}
}

@MISC{cross-origin-wrappers,
  author = {{Mozilla Labs}},
  title = {{XPConnect} wrappers},
  note = {\\ \url{http://developer.mozilla.org/en/docs/XPConnect_wrappers}},
  date-modified = {2009-09-12 21:50:54 -0700}
}

@MISC{jetpack,
  author = {{Mozilla Labs}},
  title = {{Jetpack}},
  howpublished = {\\ \url{https://wiki.mozilla.org/Labs/Jetpack}},
  date-added = {2009-05-13 01:10:21 -0700},
  date-modified = {2009-12-06 13:57:11 -0800},
  lastchecked = {12 May 2009}
}

@OTHER{xpcomapi,
  author = {{Mozilla Labs}},
  date-added = {2009-06-15 20:33:30 -0700},
  date-modified = {2009-06-15 20:41:55 -0700},
  title = {{XPCOM API Reference:} https://developer.mozilla.org/en/XPCOM\_API\_Reference}
}

@OTHER{xpidl,
  author = {{Mozilla Labs}},
  date-added = {2009-06-15 20:35:19 -0700},
  date-modified = {2009-06-15 20:35:48 -0700},
  title = {{XPIDL:} https://developer.mozilla.org/en/XPIDL}
}

@ARTICLE{amoeba-os,
  author = {Sape J. Mullender and Guido van Rossum and Andrew Tannenbaum and
	Robbert van Renesse and Hans van Staveren},
  title = {Amoeba: A Distributed Operating System for the 1990s},
  journal = {Computer},
  year = {1990},
  volume = {23},
  pages = {44-53},
  number = {5},
  address = {Washington, DC, USA},
  publisher = {IEEE}
}

@ARTICLE{csrf-twitter-follow,
  author = {Ryan Naraine},
  title = {{CSRF} vulnerability allows Twitter {'follow'} abuse},
  journal = {{ZDNet 'Zero Day' Blog}},
  year = {2008},
  month = {July},
  note = {\url{http://blogs.zdnet.com/security/?p=1611}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@MISC{netscape-cookies,
  author = {Netscape},
  title = {Persistent Client State: {HTTP} Cookies},
  note = {\url{http://curl.haxx.se/rfc/cookie_spec.html}}
}

@INBOOK{netscapejstaint,
  chapter = {5: Using data tainting for security},
  title = {Netscape Navigator Handbook 3.0},
  year = {1996},
  author = {Netscape}
}

@MISC{cookie-path-best-practice,
  author = {Martin O'Neal},
  title = {Cookie Path Best Practice},
  note = {\url{http://research.corsaire.com/whitepapers/040323-cookie-path-best-practice.pdf}}
}

@MISC{dns-ssr-cant-wont,
  author = {Andy Ozment and Stuart E. Schechter and Rachna Dhamija},
  title = {Can't, won't, and shouldn't have to - How sites can manage HTTPS
	when users don't},
  howpublished = {Unpublished manuscript},
  year = {2010},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@INPROCEEDINGS{DNS-SSR-Position,
  author = {Andy Ozment and Stuart E. Schechter and Rachna Dhamija},
  title = {Web Sites Should Not Need to Rely on Users to Secure Communications},
  booktitle = {W3C Workshop on Transparency and Usability of Web Authentication},
  year = {2006},
  month = {March},
  note = {\url{http://www.eecs.harvard.edu/~stuart/papers/w3c06.pdf}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@INPROCEEDINGS{phoolproof,
  author = {Bryan Parno and Cynthia Kuo and Adrian Perrig},
  title = {Phoolproof Phishing Prevention},
  booktitle = {Proceedings of the Financial Cryptography and Data Security 10th
	International Conference},
  year = {2006}
}

@INPROCEEDINGS{aoldatadump,
  author = {Greg Pass and Abdur Chowdhury and Cayley Torgeson},
  title = {A picture of search},
  booktitle = {InfoScale '06: Proceedings of the 1st International Conference on
	Scalable Information Systems},
  year = {2006}
}

@MISC{pdp-gmail-hijack,
  author = {Petko D. Petkov},
  title = {Google {Gmail} E-mail Hijack Technique},
  month = {September},
  year = {2007},
  note = {\url{http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/}}
}

@MISC{pdp-preventing-csrf,
  author = {Petko D. Petkov},
  title = {Preventing {CSRF}},
  month = {March},
  year = {2007},
  note = {\url{http://www.gnucitizen.org/blog/preventing-csrf/}}
}

@MISC{yngve-cookie-integrity,
  author = {Yngve Pettersen},
  title = {{HTTP} State Management Mechanism v2},
  howpublished = {IETF Internet Draft},
  month = {February},
  year = {2008},
  note = {\url{http://www.ietf.org/internet-drafts/draft-pettersen-cookie-v2-02.txt}}
}

@MISC{gmailsecure,
  author = {Mark Pilgrim},
  title = {{GMailSecure}},
  year = {2005},
  note = {\url{http://userscripts.org/scripts/review/1404}}
}

@MISC{flickrext,
  author = {Dan Pupius},
  title = {{Fittr Flickr Extension for Chrome}},
  howpublished = {\\ \url{http://code.google.com/p/fittr/}},
  date-added = {2009-12-07 16:53:16 -0800},
  date-modified = {2009-12-07 16:53:51 -0800}
}

@MISC{jetpack-faq,
  author = {Aza Raskin},
  title = {Jetpack {FAQ}},
  howpublished = {\url{http://www.azarask.in/blog/post/jetpack-faq/}},
  year = {2009}
}

@MISC{openid1-spec,
  author = {David Recordon and Brad Fitzpatrick},
  title = {{OpenID} Authentication 1.1},
  month = {May},
  year = {2006},
  note = {\url{http://openid.net/specs/openid-authentication-1_1.html}}
}

@TECHREPORT{ReisImprvBrwsSec,
  author = {Charles Reis},
  title = {Improving the Security and Robustness of Modern Web Browsers},
  institution = {University of Washington},
  year = {2007},
  month = {May},
  owner = {hodges},
  timestamp = {2010.04.28}
}

@ARTICLE{browsersec-chromelessons,
  author = {Charles Reis and Adam Barth and Carlos Pizano},
  title = {Browser Security: Lessons from Google Chrome},
  journal = {ACM Queue},
  year = {2009},
  pages = {1-8},
  note = {\url{http://www.adambarth.com/papers/2009/reis-barth-pizano.pdf}},
  owner = {hodges},
  timestamp = {2010.03.17}
}

@INPROCEEDINGS{browsershield,
  author = {C. Reis and J. Dunagan and H. Wang and O. Dubrovsky and S. Esmeir},
  title = {Browser{S}hield: Vulnerability-Driven Filtering of Dynamic HTML},
  booktitle = {Operating Systems Design and Implementation (OSDI)},
  year = {2006}
}

@ARTICLE{csrf-facebook-quaji,
  author = {Ronen},
  title = {Facebook CSRF attack - Full Disclosure},
  journal = {Quaji Blog},
  year = {2009},
  month = {August},
  note = {\url{http://blog.quaji.com/2009/08/facebook-csrf-attack-full-disclosure.html}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@INPROCEEDINGS{pwdhash,
  author = {Blake Ross and Collin Jackson and Nick Miyake and Dan Boneh and John
	Mitchell},
  title = {Stronger Password Authentication using Browser Extensions},
  booktitle = {Proceedings of the 14th USENIX Security Symposium},
  year = {2005}
}

@MISC{DRossEtAlXSSOverview,
  author = {David Ross and Ivan Brugiolo and John Coates and Michael Roe},
  title = {Cross-site Scripting Overview},
  howpublished = {Online},
  month = {Februrary},
  year = {2000},
  note = {\url{http://ha.ckers.org/cross-site-scripting.html}},
  abstract = {A security issue has come to Microsoft?s attention that
	
	we refer to as ?cross-site scripting?. This is not an
	
	entirely new issue ? elements of the information we
	
	present have been known for some time within the
	
	software development community. However, the overall
	
	scope of the issue is larger than previously understood,
	
	both in terms of the breadth of the problem and the risk
	
	that it presents. It is important to explore the issue more
	
	comprehensively due to the current growth and
	
	complexity of the Web.},
  owner = {hodges},
  timestamp = {2011.04.23}
}

@MISC{mozillasameorigin,
  author = {J. Ruderman},
  title = {{JavaScript Security: Same Origin}},
  note = {\url{http://www.mozilla.org/projects/security/components/same-origin.html}}
}

@ARTICLE{SaltzSchrodProtectInfo,
  author = {Jerome H. Saltzer and Michael D. Schroeder},
  title = {The Protection of Information in Computer Systems},
  journal = {Communications of the ACM},
  year = {1974},
  volume = {17},
  number = {7},
  month = {July},
  owner = {hodges},
  timestamp = {2010.04.28}
}

@MISC{malvertising,
  author = {William Salusky},
  title = {Malvertising},
  month = {12},
  year = {2007},
  note = {\url{http://isc.sans.org/diary.html?storyid=3727}},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@SPECIFICATION{httpssr,
  title = {Storing {HTTP} Security Requirements in the Domain Name System},
  author = {Stuart E. Schechter},
  month = {October},
  year = {2007},
  note = {\url{}\url{http://lists.w3.org/Archives/Public/public-wsc-wg/2007Apr/att-0332/http-ssr.txt}},
  date = {26}
}

@INPROCEEDINGS{emperor,
  author = {Stuart E. Schechter and Rachna Dhamija and Andy Ozment and Ian Fischer},
  title = {The Emperor's New Security Indicators},
  booktitle = {Proceedings of the 2007 IEEE Symposium on Security and Privacy}
}

@MISC{secunia-security-advisory-16942,
  author = {Secunia},
  title = {Microsoft {Internet Explorer} ``{XMLHTTP}'' {HTTP} Request Injection},
  month = {September},
  year = {2005},
  note = {\url{http://secunia.com/advisories/16942/}}
}

@MISC{securityspace,
  author = {{Security Space and E-Soft}},
  title = {Secure Server Survey},
  month = {May},
  year = {2007},
  note = {\url{http://www.securityspace.com/s_survey/sdata/200704/certca.html}}
}

@INPROCEEDINGS{eros,
  author = {Jonathan S. Shapiro and Jonathan M. Smith and David J. Farber},
  title = {EROS: a fast capability system},
  booktitle = {17th ACM Symposium on Operating System Principles},
  year = {1999},
  address = {New York, NY, USA},
  publisher = {ACM}
}

@MISC{csrfguard,
  author = {Eric Sheridan},
  title = {{OWASP CSRFGuard Project}},
  year = {2008},
  note = {\url{http://www.owasp.org/index.php/CSRF_Guard}}
}

@TECHREPORT{EV-sobey-tr,
  author = {Jennifer Sobey and Tara Whalen and Robert Biddle and P.C. van Oorschot
	and Andrew S. Patrick},
  title = {Browser Interfaces and Extended Validation SSL Certificates: An Empirical
	Study},
  institution = {School of Computer Science, Carleton University},
  year = {2009},
  number = {TR-09-06},
  address = {Ottawa, Canada},
  note = {\url{http://www.scs.carleton.ca/shared/research/tech_reports/2009/TR-09-06%20Whalen.pdf}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@MISC{introducing-sfx,
  author = {Maciej Stachowiak},
  title = {Introducing {SquirrelFish Extreme}},
  year = {2008},
  xnote = {\url{http://webkit.org/blog/214/introducing-squirrelfish-extreme/}}
}

@TECHREPORT{drivebypharming,
  author = {Sid Stamm and Zulfikar Ramzan and Markus Jakobsson},
  title = {Drive-by Pharming},
  institution = {Indiana University Computer Science},
  year = {2006},
  number = {641},
  month = {Decenber}
}

@MISC{isec-ria,
  author = {Alex Stamos and David Thiel and Justine Osborne},
  title = {Living in the RIA World: Blurring the Line between Web and Desktop
	Security},
  year = {2008},
  note = {\url{https://www.isecpartners.com/files/RIA_World_BH_2008.pdf}},
  owner = {hodges},
  timestamp = {2010.03.21}
}

@SPECIFICATION{csp,
  title = {Content Security Policy (CSP)},
  author = {Brandon Sterne and Sid Stamm},
  edition = {Draft},
  howpublished = {Web},
  organization = {Mozilla.org},
  year = {2009},
  note = {\url{https://wiki.mozilla.org/Security/CSP/Spec}},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@TECHREPORT{combex,
  author = {Marc Stiegler and Mark Samuel Miller},
  title = {A capability based client: The {DARPABrowser}},
  institution = {Combex Inc.},
  year = {2002},
  date-added = {2009-05-13 00:29:19 -0700},
  date-modified = {2009-05-13 00:29:58 -0700}
}

@INPROCEEDINGS{sunshine,
  author = {Joshua Sunshine and Serge Egelman and Hazim Almuhimedi and Neha Atri
	and Lorrie Faith Cranor},
  title = {{Crying Wolf: An Empirical Study of SSL Warning Effectiveness}},
  booktitle = {USENIX Security Symposium},
  year = {2009},
  date-added = {2009-09-13 21:08:27 -0700},
  date-modified = {2009-09-13 21:09:45 -0700}
}

@ARTICLE{swift05nooks,
  author = {Michael M. Swift and Brian N. Bershad and Henry M. Levy},
  title = {{Improving the Reliability of Commodity Operating Systems}},
  journal = {ACM Transactions on Computer Systems},
  year = {2005},
  volume = {23},
  pages = {77-110},
  number = {1},
  bdsk-url-1 = {http://nooks.cs.washington.edu/},
  date-modified = {2009-12-06 13:57:39 -0800},
  url = {http://nooks.cs.washington.edu/}
}

@TECHREPORT{mashware,
  author = {Antero Taivalsaari},
  title = {Mashware: The Future of Web Applications},
  institution = {Sun Microsystems Laboratories},
  year = {2009},
  number = {SMLI TR-2009-181},
  address = {Sun Labs
	
	16 Network Circle
	
	Menlo Park, CA 94025},
  month = {February},
  note = {\url{http://research.sun.com/techrep/2009/smli_tr-2009-181.pdf}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@MISC{WASConsortiumThreats2010,
  author = {{The Web Application Security Consortium (WASC)}},
  title = {The WASC Threat Classification v2.0},
  howpublished = {Online},
  month = {Jan},
  year = {2010},
  note = {\url{http://projects.webappsec.org/w/page/13246978/Threat-Classification}},
  owner = {hodges},
  timestamp = {2011.04.23}
}

@MISC{WASConsortiumWHID2010-2,
  author = {{The Web Application Security Consortium (WASC)} and Trustwave},
  title = {The Web Hacking Incident Database Semiannual Report July to December
	2010},
  howpublished = {Online},
  year = {2011},
  note = {\url{http://projects.webappsec.org/w/page/37719294/Web+Hacking+Incident+Database+2010+Semi+Annual+Report+-+2}},
  owner = {hodges},
  timestamp = {2011.04.23}
}

@INPROCEEDINGS{warkit1,
  author = {Alex Tsow},
  title = {Phishing with consumer electronics -- malicious home routers},
  booktitle = {Models of Trust for the Web Workshop at the 15th International World
	Wide Web Conference (WWW)},
  year = {2006},
  month = {May}
}

@ARTICLE{warkit2,
  author = {Alex Tsow and Markus Jakobsson and Liu Yang and Susanne Wetzel},
  title = {Warkitting: the drive-by subversion of wireless home routers},
  journal = {Journal of Digital Forensic Practice},
  year = {2006},
  volume = {1},
  number = {2},
  month = {November}
}

@INPROCEEDINGS{nomoxss,
  author = {Philipp Vogt and Florian Nentwich and Nenad Jovanovic and Engin Kirda
	and Christopher Kruegel and Giovanni Vigna},
  title = {Cross Site Scripting Prevention with Dynamic Data Tainting and Static
	Analysis},
  booktitle = {Proceedings of the Network and Distributed System Security Symposium
	(NDSS)},
  year = {2007}
}

@ARTICLE{websec-browser,
  author = {Thomas Wadlow and Vlad Gorelik},
  title = {Security in the Browser},
  journal = {ACM Queue},
  year = {2009},
  pages = {41-45},
  month = {February/March},
  note = {\url{http://delivery.acm.org/10.1145/1520000/1516164/p40-wadlow.pdf?key1=1516164&key2=1970688621&coll=GUIDE&dl=GUIDE&CFID=82388424&CFTOKEN=58472574}},
  owner = {hodges},
  timestamp = {2010.03.17}
}

@TECHREPORT{darpareview,
  author = {David Wagner and Dean Tribble},
  title = {A security analysis of the {Combex DARPABrowser} architecture},
  year = {2002},
  date-added = {2009-05-13 00:30:00 -0700},
  date-modified = {2009-05-13 00:30:31 -0700}
}

@INPROCEEDINGS{sfi,
  author = {Robert Wahbe and Steven Lucco and Thomas E. Anderson and Susan L.
	Graham},
  title = {{Efficient Software-Based Fault Isolation}},
  booktitle = {ACM Symposium on Operating Systems Principles ({SOSP})},
  year = {1994},
  date-modified = {2009-12-06 13:58:03 -0800}
}

@INPROCEEDINGS{mashupos,
  author = {Helen J. Wang and Xiaofeng Fan and Jon Howell and Collin Jackson},
  title = {{Protection and Communication Abstractions for Web Browsers in MashupOS}},
  booktitle = {21st ACM Symposium on Operating Systems Principles (SOSP)},
  year = {2007}
}

@INPROCEEDINGS{gazelle,
  author = {Helen J. Wang and Chris Grier and Alexander Moshchuk and Samuel T.
	King and Piali Choudhury and Herman Venter},
  title = {{The Multi-Principal OS Construction of the Gazelle Web Browser}},
  booktitle = {USENIX Security Symposium},
  year = {2009},
  date-added = {2009-09-17 23:12:05 -0700},
  date-modified = {2009-09-17 23:12:53 -0700}
}

@SPECIFICATION{dnssec-4470,
  title = {Minimally Covering NSEC Records and DNSSEC On-line Signing},
  author = {Samuel Weiler and Johan Ihren},
  edition = {RFC 4470},
  month = {April},
  organization = {IETF},
  year = {2006},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@MISC{gmonkvuln,
  author = {Simon Willison},
  title = {{Understanding the Greasemonkey vulnerability}},
  howpublished = {\url{http://simonwillison.net/2005/Jul/20/vulnerability/}},
  date-added = {2009-09-17 23:26:41 -0700},
  date-modified = {2009-09-17 23:27:14 -0700}
}

@MISC{yahoosigninseal,
  author = {{Yahoo! Inc.}},
  title = {What is a sign-in seal?},
  note = {\url{http://security.yahoo.com/article.html?aid=2006102507}}
}

@INPROCEEDINGS{nacl,
  author = {B. Yee and D. Sehr and G. Dardyk and J. B. Chen and R. Muth and T.
	Ormandy and S. Okasaka and N. Narula and N. Fullagar},
  title = {Native Client: A sandbox for portable, untrusted x86 native code},
  booktitle = {IEEE Symposium on Security and Privacy},
  year = {2009},
  date-added = {2009-05-13 00:30:36 -0700},
  date-modified = {2009-05-13 00:31:28 -0700}
}

@INPROCEEDINGS{passpet,
  author = {Ka-Ping Yee and Kragen Sitaker},
  title = {Passpet: Convenient Password Management and Phishing Protection},
  booktitle = {Proceedings of the 2006 Symposium on Usable Privacy and Security
	(SOUPS)}
}

@INPROCEEDINGS{ycis07popl,
  author = {Dachuan Yu and Ajay Chander and Nayeem Islam and Igor Serikov},
  title = {Java{S}cript instrumentation for browser security},
  booktitle = {Principles of programming languages (POPL)},
  year = {2007}
}

@MISC{browsersechandbk,
  author = {Michal Zalewski},
  title = {Browser Security Handbook},
  howpublished = {Web},
  year = {undated},
  note = {\url{http://code.google.com/p/browsersec/}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@INPROCEEDINGS{phindingphish,
  author = {Yue Zhang and Serge Egelman and Lorrie Faith Cranor and Jason Hong},
  title = {Phinding Phish: Evaluating Anti-Phishing Tools},
  booktitle = {Proceedings of the 14th Annual Network and Distributed System Security
	Symposium (NDSS)},
  year = {2007}
}

@MISC{owasp-session-fixation,
  author = {Weilin Zhong},
  title = {{Session Fixation}},
  year = {2008},
  note = {\url{http://www.owasp.org/index.php/Session_Fixation}}
}

@INPROCEEDINGS{safedrive,
  author = {Feng Zhou and Jeremy Condit and Zachary Anderson and Ilya Bagrak
	and Rob Ennals and Matthew Harren and George Necula and Eric Brewer},
  title = {{SafeDrive}: Safe and Recoverable Extensions Using Language-Based
	Techniques{XFI}},
  booktitle = {Symposium on Operating System Design and Implementation (OSDI)},
  year = {2006}
}

@MISC{crosssafe,
  author = {Kris Zyp},
  title = {{CrossSafe}},
  xnote = {\\ \url{http://www.xucia.com/CrossSafe/readme.html}}
}

@MISC{bug1,
  title = {{Mozilla Security Advisory 2009-39}},
  howpublished = {\\ \url{http://www.mozilla.org/security/announce/2009/mfsa2009-39.html}},
  date-added = {2009-09-17 23:43:36 -0700},
  date-modified = {2009-09-17 23:44:10 -0700}
}

@MISC{bug2,
  title = {{Mozilla Security Advisory 2009-19}},
  howpublished = {\\ \url{http://www.mozilla.org/security/announce/2009/mfsa2009-19.html}},
  date-added = {2009-09-17 23:44:14 -0700},
  date-modified = {2009-09-17 23:44:43 -0700}
}

@MISC{bug3,
  title = {Arbitrary code execution using bug 459906},
  howpublished = {\\ \url{https://bugzilla.mozilla.org/show_bug.cgi?id=460983}},
  date-added = {2009-09-17 23:44:51 -0700},
  date-modified = {2009-09-17 23:45:05 -0700}
}

@MISC{digg,
  title = {Digg},
  note = {\url{http://digg.com/}},
  key = {Digg}
}

@MISC{dnssec,
  title = {{DNS Security Extensions}},
  note = {\url{http://www.dnssec.net/}},
  key = {dnssec}
}

@MISC{facebook,
  title = {Facebook},
  note = {\url{http://www.facebook.com/}},
  key = {facebook}
}

@MISC{flickr,
  title = {Flickr Photo Sharing},
  note = {\url{http://flickr.com/}},
  key = {Flickr}
}

@MISC{foxtab,
  title = {{FoxTab}},
  howpublished = {\url{http://www.foxtab.com}},
  date-added = {2009-09-12 22:03:11 -0700},
  date-modified = {2009-09-12 22:03:35 -0700}
}

@MISC{gmail,
  title = {Gmail: A {Google} approach to email},
  note = {\url{http://mail.google.com/}},
  key = {Gmail}
}

@MISC{httponly,
  title = {Scope of HTTPOnly Cookies},
  note = {\url{http://docs.google.com/View?docid=dxxqgkd_0cvcqhsdw}},
  owner = {hodges},
  timestamp = {2010.03.16}
}

@MISC{hushmail,
  title = {Hushmail},
  note = {\url{https://www.hushmail.com/}},
  key = {Hushmail}
}

@MISC{ietf,
  title = {Internet Engineering Task Force (IETF)},
  note = {\url{http://www.ietf.org/}},
  owner = {hodges},
  timestamp = {2010.03.21}
}

@MISC{json,
  title = {{JSON}},
  howpublished = {\url{http://www.json.org}},
  date-added = {2009-09-17 23:50:47 -0700},
  date-modified = {2009-09-17 23:51:02 -0700}
}

@MISC{paypal,
  title = {{PayPal}},
  note = {\url{www.paypal.com/ }},
  key = {PayPal}
}

@MISC{phpbb,
  title = {{phpBB}},
  note = {\url{http://phpbb.com/}},
  key = {phpBB}
}

@MISC{prototypejs,
  title = {Prototype {JavaScript} Framework},
  note = {\\ \url{http://www.prototypejs.org/}},
  key = {prototypejs}
}

@MISC{ruby-on-rails,
  title = {Ruby on Rails},
  note = {\url{http://www.rubyonrails.org/}},
  key = {Ruby}
}

@MISC{safebrowsing,
  title = {{Google Safe Browsing for Firefox}},
  note = {\url{www.google.com/tools/firefox/safebrowsing/}},
  key = {Google}
}

@MISC{sitekey,
  title = {{Bank of America SiteKey}},
  note = {\url{http://www.bankofamerica.com/privacy/sitekey/}},
  key = {Bank of America}
}

@MISC{skype,
  title = {Skype},
  howpublished = {\url{http://www.skype.com}},
  date-added = {2009-09-12 22:08:28 -0700},
  date-modified = {2009-09-12 22:08:38 -0700}
}

@MISC{toolbar,
  title = {{Google Toolbar}},
  howpublished = {\url{http://toolbar.google.com/}},
  date-added = {2009-09-12 22:00:36 -0700},
  date-modified = {2009-09-12 22:02:38 -0700}
}

@MISC{trac,
  title = {Trac},
  note = {\url{http://trac.edgewall.org/}},
  key = {Trac}
}

@MISC{W3C,
  title = {World Wide Web Consortium (W3C)},
  note = {\url{http://www.w3.org/}},
  owner = {hodges},
  timestamp = {2010.03.21}
}

@MISC{wireshark,
  title = {{Wireshark: What's on your network?}},
  note = {\url{http://www.wireshark.org/}},
  key = {wireshark}
}

@MISC{zemanta,
  title = {Zemanta},
  howpublished = {\url{http://www.zemanta.com}},
  date-added = {2009-09-13 23:12:46 -0700},
  date-modified = {2009-09-13 23:13:06 -0700}
}

@MISC{wikiped-ajax,
  title = {Ajax (programming)},
  howpublished = {Web},
  year = {undated},
  note = {\url{http://en.wikipedia.org/wiki/Ajax_%28programming%29}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@MISC{wikiped-RIA,
  title = {Rich Internet application},
  howpublished = {Web},
  year = {undated},
  note = {\url{http://en.wikipedia.org/wiki/Rich_Internet_application}},
  owner = {hodges},
  timestamp = {2010.03.19}
}

@comment{jabref-entrytype: Specification: req[title;key] opt[abstract;author;citeseercitationcount;citeseerurl;comment;edition;editor;howpublished;institution;month;organization;publisher;url;year;note]}