European Roadmap for Research on Web Security

The Web platform is a hotbed of innovation that will affect deployment of technologies and applications for the next decade, and will influence the security and privacy that European users and service providers can achieve. The STREWS project will link European security and trust related research and development with ongoing standards and development work for the Web in IETF and W3C. The project will develop a technical state of practice document for Web Security as a basis for case studies on selected Web security topics. A roadmap for future research and standardization in the Web security field will provide guidance for ongoing and future research. Over the course of the project, STREWS will reach out to European industry and projects, and organize a series of workshops to collect broad input into its roadmapping and case study work, and to create a European Web security community across academia and practice.

Feeds from partners

From OWASP: OWASP August 19 Connector

19 August 2014, 10:32 pm

Featured OWASP Project: OWASP Web Spa Project. The OWASP WebSpa Project is a Java web knocking tool for sending a single HTTP/S request to your web server in order to authorize the execution of a premeditated Operating System (O/S)...

From OWASP: OWASP ASVS 2.0 (Application Security Verification Standard)

18 August 2014, 10:32 pm

(From Daniel Cuthbert) OWASP Community, It gives me immense pleasure to finally release version 2 of the OWASP Application Security Verification Standard for all to enjoy. The community feedback on this has been overwhelming and it's great to see so many of you investing time and effort into what Sahba and I feel is an incredibly...

From OWASP:

15 August 2014, 5:57 pm

OWASP AppSec USA 2014 Adds Leading Global Experts to List of Speakers. Are you registered for the upcoming OWASP conference? We are excited to be getting closer to the OWASP AppSec USA event and we have now announced our roster of keynote speakers. The premier software security conference for developers, auditors, risk managers,...

From OWASP: Call for Speakers: OWASP Ghana Cybersecurity Conference

13 August 2014, 7:40 pm

Maa chi, maa ha, maa jo, OWASP Community, eti sen? The OWASP Ghana Cybersecurity Conference will take place in Accra, Ghana this December for the second year in a row! The event dates are December 10 - 11, 2014. It amazes me that there are so many places on planet earth where OWASP is active in some way. If you are interested in speaking at...

From OWASP: THIS FRIDAY is the DEADLINE to SUBMIT your CANDIDACY for the 2014 OWASP BOARD OF DIRECTORS

13 August 2014, 5:02 pm

Just a reminder that this FRIDAY, AUGUST 15 is the DEADLINE to submit your candidacy for the 2014 OWASP Global Board Of Directors. For information including eligibility requirements, primary responsibilities, election timeline and other important information, please visit our election...

From W3C: Workshop Report: W3C Workshop on the Web of Things

8 August 2014, 9:56 am

W3C published today the final report of the W3C Workshop on the Web of Things that was held on 25-26 June 2014, in Berlin (Germany). The workshop examined the opportunities for open Web standards for service platforms in the network edge and the cloud, along with the challenges for security, privacy and the integration with […]

From W3C: First Public Working Draft: Referrer Policy

7 August 2014, 7:04 am

The Web Application Security Working Group has published a First Public Working Draft of Referrer Policy. This document describes how an author can set a referrer policy for documents they create, and the impact of such a policy on the referer HTTP header for outgoing requests and navigations. Learn more about the Security Activity.

From W3C: First Draft of Mixed Content Published

22 July 2014, 2:19 pm

The Web Application Security Working Group has published a First Public Working Draft of Mixed Content. This specification details how user agents can mitigate risks to security and privacy by limiting a resource's ability to inadvertently communicate in the clear, or to expose non-public resources to the web at large. This specification...

From Nessos: QASA 2014 - Program Available

24 June 2014, 9:44 am

3rd International Workshop on Quantitative Aspects in Security Assurance. Affiliated workshop with ESORICS 2014, Wroclaw, Poland, September 11, 2014. www.iit.cnr.it/qasa2014. Invited Speakers: Elisa Bertino and Audun Josang. Overview: There is an increasing demand for techniques to deal with quantitative aspects of...

From Nessos: The 14th edition of the summer school on Foundations of Security Analysis and Design (FOSAD)

21 May 2014, 4:46 pm

14th Edition of the summer school on Foundations of Security Analysis and Design (FOSAD 2014) http://www.sti.uniurb.it/events/fosad14/ The 14th edition of the summer school on Foundations of Security Analysis and Design will be held in the fascinating Rock of Bertinoro, Italy. This year's edition is co-sponsored by NESSoS and...

From STREWS: First draft of STRINT workshop report available

15 May 2014, 5:53 pm

The first draft of the STRINT workshop report was published by the IETF as the Internet Draft draft-iab-strint-report-00. The same text is also available, with different formatting, from the STRINT Web site as draft-iab-strint-report.html. Co-chair Stephen Farrell summarizes the points on the projection screen during the concluding plenary...

From STREWS: CfP IEEE Internet Computing special issue on security and the real-time Web

31 March 2014, 6:39 pm

The STREWS project is guest editor for a special issue of the IEEE Internet Computing magazine. The theme is security and the real-time Web. This is a copy of the Call for Papers: Call for Papers The real-time Web (WebRTC) is a maturing technology involving many players in what could be a significant evolution or revolution for voice and...

From STREWS: A successful STRINT workshop

13 March 2014, 1:18 pm

The STRINT workshop concluded with some preliminary recommendations: Encryption works and needs to be used more, despite its cost (which is steadily going down anyway). Data minimization is worthwhile, too, but difficult: Traffic analysis research and protocol development need to work together. The threat models discussed in the workshop...

From STREWS: STRINT workshop papers published

8 February 2014, 6:31 pm

The first version of the agenda and the list of submitted papers of the STRINT workshop were published today. The agenda has seven sessions, three on Friday and the rest on Saturday: Threats, COMSEC (part 1), Policy, COMSEC (part 2), Metadata, Deployment, and Break-out sessions. There are 66 papers. Together they give an overview of current...

From Nessos: The Final version of the NESSoS research roadmap is available

2 February 2014, 9:45 pm

The final version of the NESSoS research roadmap is available at the URL: http://www.nessos-project.eu/media/deliverables/y3/NESSoS-D4.3-PartII-Roadmap.pdf

From STREWS: Submissions to STRINT workshop closed

21 January 2014, 5:49 pm

The deadline for position papers for the STRINT workshop has passed and submission is now closed. We are pleased with the large number of papers we received. The Program Committee is currently reviewing them and we expect to inform the authors of the results around January 31. The complete workshop program will be published around February 7.

From Nessos: Project description

12 November 2010, 1:39 pm

The Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS) aims at constituting and integrating a long-lasting research community on engineering secure software-based services and systems.

From Recent RFCs: RFC 7349: LDP Hello Cryptographic Authentication

This document introduces a new optional Cryptographic Authentication TLV that LDP can use to secure its Hello messages. It secures the Hello messages against spoofing attacks and some well-known attacks against the IP header. This document describes a mechanism to secure the LDP Hello messages using Hashed Message Authentication Code (HMAC)...
