European Roadmap for Research on Web Security

The Web platform is a hotbed of innovation that will affect deployment of technologies and applications for the next decade, and will influence the security and privacy that European users and service providers can achieve. The STREWS project will link European security and trust related research and development with ongoing standards and development work for the Web in IETF and W3C.

The project will develop a technical state of practice document for Web Security as a basis for case studies on selected Web security topics. A roadmap for future research and standardization in the Web security field will provide guidance for ongoing and future research. Over the course of the project, STREWS will reach out to European industry and projects, and organize a series of workshops to collect broad input into its roadmapping and case study work, and to create a European Web security community across academia and practice

Feeds from partners

From IAB: IAB Publishes Statement on the Trade in Security Technologies

12 June 2015, 2:59 pm

The IAB has published a statement on the trade in security technologies. Read the full statement here.

>> Read more...

From W3C: Entry Point Regulation Draft Published

9 June 2015, 3:09 pm

The Web Application Security Working Group has published a Working Draft of Entry Point Regulation. Entry Point Regulation aims to mitigate the risk of reflected cross-site scripting (XSS), cross-site script inclusion (XSSI), and cross-site request forgery (CSRF) attacks by demarcating the areas of an application which are intended to be...

>> Read more...

From STREWS: New version of the STRINT workshop report

1 June 2015, 12:13 pm

The authors of the report of the STRINT workshop, held by STREWS in February 2014, published an updated report. This is the version 02, the third version after 00 and 01. It changes small (spelling) errors and it removes one appendix. The appendix, which contained the abstracts of all papers that were submitted to the workshop, is now integrated...

>> Read more...

From STREWS: 2nd High-level Cybersecurity Conference, 28th May 2015

22 May 2015, 3:37 pm

The European Commission, in the context of its “Digital Agenda for Europe”, is organizing a conference on cybersecurity. Registration closes Monday May 25. From the conference pages: This event […] will be devoted to trust and security in the digital world. Gunther Oettinger, Commissioner for Digital Economy and Society, will open the...

>> Read more...

From STREWS: Case Study: Web Security Architecture

12 May 2015, 7:00 pm

STREWS published its Second Case Study on Web Security Architecture:   Case study 2 Report: Web Security Architecture [PDF] The Open Web Platform is already transforming the Web again. More functionality on the Web increases the attacking surface. From a document driven Web, we are heading towards an action-driven Web. This also includes the...

>> Read more...

From STREWS: US-CERT article on Securing End-to-End Communications

6 May 2015, 1:05 pm

The United States Computer Emergency Readiness Team (US-CERT) normally puts out alerts about security failures in individual software systems, but this time decided to publish an article about Man-In-The-Middle (MITM) attacks in general and four existing mitigation strategies. After a brief introduction to MITM attacks, it recommends...

>> Read more...

From STREWS: IAB/ISOC "CARIS" workshop on cooperative responses to attacks

1 April 2015, 11:51 am

The IAB and ISOC invite papers for a workhop on large-scale, coordinated responses to security attacks. The workshop is called CARIS (Coordinating Attack Response at Internet Scale) and will be held in Berlin (Germany) on June 19, co-located with the FIRST Conference. See the IAB site for information about the workshop and instructions for...

>> Read more...

From Nessos: FOSAD 2015

18 February 2015, 7:37 pm

==================================================== 15TH INTERNATIONAL SCHOOL ON FOUNDATIONS OF SECURITY ANALYSIS AND DESIGN FOSAD 2015 ==================================================== http://www.sti.uniurb.it/events/fosad15 31 August - 5 September 2015, Bertinoro, Italy In cooperation with NESSoS and CryptoForma *** Application...

>> Read more...

From OWASP: OWASP August 19 Connector

19 August 2014, 10:32 pm

August 19, 2014 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation Featured OWASP ProjectOWASP Web Spa Project The OWASP WebSpa Project is a Java web knocking tool for sending a single HTTP/S request to your web server in order to authorize the execution of a premeditated Operating System (O/S)...

>> Read more...

From OWASP: OWASP ASVS 2.0 (Application Security Verification Standard)

18 August 2014, 10:32 pm

(From Daniel Cuthbert) OWASP Community, It gives me immense pleasure to finally release version 2 of the OWASP Application Security Verification Standard for all to enjoy. The community feedback on this has been overwhelming and it's great to see so many of you investing time and effort into what Sahba and I feel is an incredibly...

>> Read more...

From OWASP:

15 August 2014, 5:57 pm

OWASP AppSec USA 2014 Adds Leading Global Experts to List of Speakers Are you registered for the upcoming OWASP conference? We are excited to be getting closer to the OWASP AppSec USA event and we have now announced our roster of keynote speakers.  The premier software security conference for developers, auditors, risk managers,...

>> Read more...

From OWASP: Call for Speakers: OWASP Ghana Cybersecurity Conference

13 August 2014, 7:40 pm

Maa chi, maa ha, maa jo, OWASP Community, eti sen? The OWASP Ghana Cybersecurity Conference will take place in Accra, Ghana this December for the second year in a row! The event dates are December 10 - 11, 2014. It amazes me that there are so many places on planet earth where OWASP is active in some way. If you are interested in speaking at...

>> Read more...

From OWASP: THIS FRIDAY is the DEADLINE to SUBMIT your CANDIDACY for the 2014 OWASP BOARD OF DIRECTORS

13 August 2014, 5:02 pm

Just a reminder that this FRIDAY, AUGUST 15 is the DEADLINE to submit your candidacy for the 2014 OWASP Global Board Of Directors.  For Information including eligibility requirements, primary responsibilities, election timeline and other important information, please visit our election...

>> Read more...

From Nessos: QASA 2014 - Program Available

24 June 2014, 9:44 am

3rd International Workshop on Quantitative Aspects in Security Assurance Affiliated workshop with ESORICS 2014 Wroclaw, Poland, September 11, 2014 www.iit.cnr.it/qasa2014 *** Invited Speakers: Elisa Bertino and  Audun Josang *** *Overview* There is an increasing demand for techniques to deal with quantitative aspects of...

>> Read more...

From Nessos: The 14th edition of the summer school on Foundations of Security Analysis and Design (FOSAD)

21 May 2014, 4:46 pm

14  Edition of the summer school on Foundations of Security Analysis and Design (FOSAD 2014)http://www.sti.uniurb.it/events/fosad14/ The 14th edition of the summer school on Foundations of Security Analysis and Design will be held in in the fascinating Rock of Bertinoro, Italy. This year edition is co-sponsored by NESSoS and...

>> Read more...

From Nessos: The Final version of the NESSoS research roadmap is available

2 February 2014, 9:45 pm

The final version of the NESSoS research roadmap is available at the URL:  http://www.nessos-project.eu/media/deliverables/y3/NESSoS-D4.3-PartII-Roadmap.pdf

>> Read more...

From Nessos: Project description

12 November 2010, 1:39 pm

The Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS) aims at constituting and integrating a long lasting research community on engineering secure software-based services and systems.

>> Read more...

From Recent RFCs: RFC 7590: Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)

This document provides recommendations for the use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP). This document updates RFC 6120.

>> Read more...