European Roadmap for Research on Web Security
The Web platform is a hotbed of innovation that will affect deployment of technologies and applications for the next decade, and will influence the security and privacy that European users and service providers can achieve. The STREWS project will link European security and trust related research and development with ongoing standards and development work for the Web in IETF and W3C. The project will develop a technical state of practice document for Web Security as a basis for case studies on selected Web security topics. A roadmap for future research and standardization in the Web security field will provide guidance for ongoing and future research. Over the course of the project, STREWS will reach out to European industry and projects, and organize a series of workshops to collect broad input into its roadmapping and case study work, and to create a European Web security community across academia and practice
Feeds from partners
From OWASP: AppSec USA 2014 Offers World-Class Training Sessions
15 July 2014, 5:19 pmБЂњSomething that looks like a protocol but does not accomplish a task is not a protocolБЂ”itБЂ™s a waste of time.БЂ« БЂ• Bruce Schneier, Applied Cryptography You wonБЂ™t want to miss Bruce ScheierБЂ™s keynote at the AppSec USA 2014 conference September 16-19 in Denver. But you also canБЂ™t afford to miss AppSec USAБЂ™s two full days of...
>> Read more...From OWASP: OWASP July 8, 2014 Connector
8 July 2014, 11:35 pmJuly 9, 2014 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation Featured OWASP ProjectOWASP Java Encoder Project The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend...
>> Read more...From OWASP: Another Staff Update - GK's Last Day
8 July 2014, 6:50 pmOWASP Leaders - Our Community Manager, GK Southwick, gave her 2 week notice to OWASP on June 27, 2014. GK's last day will be this upcoming Friday, July 11. Although GK has only been with us a short time, we appreciate the hard work and dedication she has had in trying to make headway in managing requests for new and existing...
>> Read more...From OWASP: AppSec USA 2014 - Denver, CO September 16-19
7 July 2014, 11:03 amAs you know, AppSec USA 2014 is going to be held in Denver, CO September 16-19. If you have not registered yet, be sure to do so HERE Do not forget that chapter leaders can attend the conference free of charge by using a discount code when registering. Additionally, there are discount codes for the...
>> Read more...From W3C: Last Call: Content Security Policy Level 2
3 July 2014, 4:30 pmThe Web Application Security Working Group has published a Last Call Working Draft of Content Security Policy Level 2. This document defines a policy language used to declare a set of content restrictions for a web resource, and a mechanism for transmitting the policy from a server to a client where the policy is enforced. […]
>> Read more...From OWASP: WASPY AWARD NOMINEES DEADLINE IS TODAY!!! SUBMIT YOUR NOMINEES NOW!!!
30 June 2014, 5:26 pmTODAY is the DEADLINE to submit your NOMINEES for the WASPY AWARDS!! https://www.owasp.org/index.php/WASPY_Awards_2014 This post brought to you by the OWASP AppSecNews feed
>> Read more...From Nessos: QASA 2014 - New deadlines
24 June 2014, 9:44 amQASA 2014 3rd International Workshop on Quantitative Aspects in Security Assurance Affiliated workshop with ESORICS 2014 Wroclow, Poland, September 10-11, 2014 www.iit.cnr.it/qasa2014 *Important dates*: Submission deadline for papers:PPPPPPP JulyP 8 2014 (new!) Notification:PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP July 30 2014 ...
>> Read more...From Nessos: The 14th edition of the summer school on Foundations of Security Analysis and Design (FOSAD)
21 May 2014, 4:46 pm14P Edition of the summer school on Foundations of Security Analysis and Design (FOSAD 2014)http://www.sti.uniurb.it/events/fosad14/ The 14th edition of the summer school on Foundations of Security Analysis and Design will be held in in the fascinating Rock of Bertinoro, Italy. This year edition is co-sponsored by NESSoS and...
>> Read more...From STREWS: First draft of STRINT workshop report available
15 May 2014, 5:53 pmThe first draft of the STRINT workshop report was published by the IETF as the Internet Draft draft-iab-strint-report-00. The same text is also available, with different formatting, from the STRINT Web site as draft-iab-strint-report.html. Co-chair Stephen Farrell summarizes the points on the projection screen during the concluding plenary...
>> Read more...From STREWS: CfP IEEE Internet Computing special issue on security and the real-time Web
31 March 2014, 6:39 pmThe STREWS project is guest editor for a special issue of the IEEE Internet Computing magazine. The theme is security and the real-time Web. This is a copy of the Call for Papers: Call for Papers The real-time Web (WebRTC) is a maturing technology involving many players in what could be a significant evolution or revolution for voice and...
>> Read more...From STREWS: A successful STRINT workshop
13 March 2014, 1:18 pmThe STRINT workshop concluded with some preliminary recommendations: Encryption works and needs to be used more, despite its cost (which is steadily going down anyway). Data minimization is worthwhile, too, but difficult: Traffic analysis research and protocol development need to work together. The threat models discussed in the workshop...
>> Read more...From STREWS: STRINT workshop papers published
8 February 2014, 6:31 pmThe first version of the agenda and the list of submitted papers of the STRINT workshop were published today. The agenda has seven sessions, three on Friday and the rest on Saturday: Threats, COMSEC (partP1), Policy, COMSEC (partP2), Metadata, Deployment, and Break-out sessions There are 66 papers. Together they give an overview of current...
>> Read more...From Nessos: The Final version of the NESSoS research roadmap is available
2 February 2014, 9:45 pmThe final version of the NESSoS research roadmap is available at the URL:P http://www.nessos-project.eu/media/deliverables/y3/NESSoS-D4.3-PartII-Roadmap.pdf
>> Read more...From STREWS: Submissions to STRINT workshop closed
21 January 2014, 5:49 pmThe deadline for position papers for the STRINT workshop has passed and submission is now closed. We are pleased with the large number of papers we received. The Program Committee is currently reviewing them and we expect to inform the authors of the results around JanuaryP31. The complete workshop program will be published around FebruaryP7.
>> Read more...From Nessos: Project description
12 November 2010, 1:39 pmThe Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS) aims at constituting and integrating a long lasting research community on engineering secure software-based services and systems.
>> Read more...From Recent RFCs: RFC 7301: Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension
This document describes a Transport Layer Security (TLS) extension for application-layer protocol negotiation within the TLS handshake. For instances in which multiple application protocols are supported on the same TCP or UDP port, this extension allows the application layer to negotiate which protocol will be used within the TLS connection.
>> Read more...