European Roadmap for Research on Web Security

The Web platform is a hotbed of innovation that will affect deployment of technologies and applications for the next decade, and will influence the security and privacy that European users and service providers can achieve. The STREWS project will link European security and trust related research and development with ongoing standards and development work for the Web in IETF and W3C.

The project will develop a technical state of practice document for Web Security as a basis for case studies on selected Web security topics. A roadmap for future research and standardization in the Web security field will provide guidance for ongoing and future research. Over the course of the project, STREWS will reach out to European industry and projects, and organize a series of workshops to collect broad input into its roadmapping and case study work, and to create a European Web security community across academia and practice.

Feeds from partners

From W3C: First Public Working Draft: Content Security Policy Level 3

26 January 2016, 1:49 pm

The Web Application Security Working Group has published a Working Draft of Content Security Policy Level 3. This document defines a mechanism by which web developers can control the resources which a particular page can fetch or execute, as well as a number of security-relevant policy decisions.

From W3C: W3C offers a secure, authenticated connection for all W3C resources

11 January 2016, 6:25 pm

We are pleased to announce that we upgraded today our servers to support both HTTP and HTTPS access to public resources. W3C advocates that the Web platform “actively prefer secure communication.” Thanks to recent work in the Web Application Security Working Group and supporting client implementations, and the deployment work of the...

From W3C: First Public Working Drafts: CSP: Cookie Controls; Embedded Enforcement

15 December 2015, 3:35 pm

The Web Application Security Working Group has published two Working Drafts: Content Security Policy: Cookie Controls: This document defines mechanisms by which web developers can limit the ways in which cookies may be set in the context of their sites and applications. Content Security Policy: Embedded Enforcement: This document defines a...

From W3C: TAG Draft: Self-Review Questionnaire: Security and Privacy

10 December 2015, 2:07 pm

The Technical Architecture Group has published a Group Note of Self-Review Questionnaire: Security and Privacy. This document lists a set of questions one could ask about the security and privacy impact of a new feature or specification. It is meant as a tool that groups or individuals can use as a guide during a self-review, […]

From STREWS: Stephen Farrell at the EU Parliament's conference on privacy

13 November 2015, 12:26 pm

Stephen Farrell will participate in the high level conference on “Protecting online privacy by enhancing IT security and strengthening EU IT capabilities”, organized by the European Parliament. The dates are Tuesday 8 and Wednesday 9 December 2015. Participation is restricted to members of the EU Parliament, but the opening and closing session...

From STREWS: Web Security Roadmap available

9 November 2015, 1:04 pm

The European Web Security Roadmap is the final deliverable of the STREWS project. It is the result of three years of work, including workshops and case studies. It contains an extensive overview of current practice, research and standardisation, as well as the gaps between them. Summary: The document thoroughly assesses the current state of...

From STREWS: The LogJam attack and its conjectured use in Pervasive Monitoring

19 October 2015, 11:14 pm

A group of fourteen researchers from France and the US presented a paper at CCS 2015 in which they showed several problems with the way Diffie-Hellman (DH) key-exchange is used in practice. The DH protocol sets up session keys for encrypted communications in VPNs, HTTPS, and other...

From STREWS: 5-Question survey (now also on Surveymonkey)

13 October 2015, 11:47 am

The short survey about Web security is now also available as a Surveymonkey questionnaire: Web-security 5-question survey (via Surveymonkey). The STREWS project is creating a roadmap for Web security in the next five years. In order not to miss any important aspects, STREWS has created a little survey with five questions. If you want good...

From STREWS: 5-Question survey

2 October 2015, 6:14 pm

We opened a 5-question survey to validate the results for our roadmap. Please help us by filling it out here: Web-security 5-question survey. This very small Web-based survey asks for input about the use of Web technologies and concerns about Web security. It is aimed at everybody who creates or maintains a Web site. In other news: The...

From OWASP: OWASP August 19 Connector

19 August 2014, 10:32 pm

Featured OWASP Project: OWASP Web Spa Project. The OWASP WebSpa Project is a Java web knocking tool for sending a single HTTP/S request to your web server in order to authorize the execution of a premeditated Operating System (O/S)...

From OWASP: OWASP ASVS 2.0 (Application Security Verification Standard)

18 August 2014, 10:32 pm

(From Daniel Cuthbert) OWASP Community, It gives me immense pleasure to finally release version 2 of the OWASP Application Security Verification Standard for all to enjoy. The community feedback on this has been overwhelming and it's great to see so many of you investing time and effort into what Sahba and I feel is an incredibly...

From OWASP:

15 August 2014, 5:57 pm

OWASP AppSec USA 2014 Adds Leading Global Experts to List of Speakers. Are you registered for the upcoming OWASP conference? We are excited to be getting closer to the OWASP AppSec USA event and we have now announced our roster of keynote speakers. The premier software security conference for developers, auditors, risk managers,...

From OWASP: Call for Speakers: OWASP Ghana Cybersecurity Conference

13 August 2014, 7:40 pm

Maa chi, maa ha, maa jo, OWASP Community, eti sen? The OWASP Ghana Cybersecurity Conference will take place in Accra, Ghana this December for the second year in a row! The event dates are December 10 - 11, 2014. It amazes me that there are so many places on planet earth where OWASP is active in some way. If you are interested in speaking at...

From OWASP: THIS FRIDAY is the DEADLINE to SUBMIT your CANDIDACY for the 2014 OWASP BOARD OF DIRECTORS

13 August 2014, 5:02 pm

Just a reminder that this FRIDAY, AUGUST 15 is the DEADLINE to submit your candidacy for the 2014 OWASP Global Board Of Directors. For information including eligibility requirements, primary responsibilities, election timeline and other important information, please visit our election...

From Nessos: QASA 2014 - Program Available

24 June 2014, 9:44 am

3rd International Workshop on Quantitative Aspects in Security Assurance. Affiliated workshop with ESORICS 2014, Wroclaw, Poland, September 11, 2014. www.iit.cnr.it/qasa2014. Invited Speakers: Elisa Bertino and Audun Josang. Overview: There is an increasing demand for techniques to deal with quantitative aspects of...

From Nessos: IFIP WG 11.14 Secure Engineering (NESSoS)

24 May 2014, 8:51 am

International Federation for Information Processing, TC-11 Security and Privacy Protection in Information Processing Systems, Working Group (11.14) on Secure Engineering. Authors (in alphabetical order): Jorge Cuellar, SIEMENS, Jorge.Cuellar@siemens.com; Wouter Joosen, KU Leuven,...

From Nessos: The 14th edition of the summer school on Foundations of Security Analysis and Design (FOSAD)

21 May 2014, 4:46 pm

14th Edition of the summer school on Foundations of Security Analysis and Design (FOSAD 2014) http://www.sti.uniurb.it/events/fosad14/ The 14th edition of the summer school on Foundations of Security Analysis and Design will be held in the fascinating Rock of Bertinoro, Italy. This year's edition is co-sponsored by NESSoS and...

From Nessos: The Final version of the NESSoS research roadmap is available

2 February 2014, 9:45 pm

The final version of the NESSoS research roadmap is available at the URL: http://www.nessos-project.eu/media/deliverables/y3/NESSoS-D4.3-PartII-Roadmap.pdf

From Nessos: Project description

12 November 2010, 1:39 pm

The Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS) aims at constituting and integrating a long lasting research community on engineering secure software-based services and systems.

From Recent RFCs: RFC 7762: Initial Assignment for the Content Security Policy Directives Registry

This document establishes an Internet Assigned Number Authority (IANA) registry for Content Security Policy directives and populates that registry with the directives defined in the Content Security Policy Level 2 specification.
