Invasive browser sniffing and countermeasures

Social phishing

Communications of the ACM

Delayed password disclosure

ACM SIGACT News

Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks

IEEE Security and Privacy

Captcha-free throttling

Proceedings of the 2nd ACM workshop on Security and artificial intelligence

Reining in the web with content security policy

Proceedings of the 19th international conference on World wide web

An automatic HTTP cookie management system

Computer Networks: The International Journal of Computer and Telecommunications Networking

An empirical study of privacy-violating information flows in JavaScript web applications

Proceedings of the 17th ACM conference on Computer and communications security

Web browser history detection as a real-world privacy threat

ESORICS'10 Proceedings of the 15th European conference on Research in computer security

Identifying and resolving hidden text salting

IEEE Transactions on Information Forensics and Security

Timing is everything: the importance of history detection

ESORICS'11 Proceedings of the 16th European conference on Research in computer security

Scriptless attacks: stealing the pie without touching the sill

Proceedings of the 2012 ACM conference on Computer and communications security

Securing web-clients with instrumented code and dynamic runtime monitoring

Journal of Systems and Software

I know the shortened URLs you clicked on Twitter: inference attack using public click analytics and Twitter metadata

Proceedings of the 22nd international conference on World Wide Web

Flow stealing: A well-timed redirection attack

Journal of Computer Security - Research in Computer Security and Privacy: Emerging Trends