Meet us at ...

SAC 2014

Daniel Hedin presents "JSFlow: Tracking Information Flow in JavaScript and its APIs" at SAC 2014 in Gyeongju, Korea.

WWW 2014

Nick Nikiforakis presents "Stranger danger: Exploring the ecosystem of ad-based URL shortening services" at WWW 2014 in Seoul, Korea.

AsiaCCS 2014

Steven Van Acker presents "Monkey-in-the-browser: Malware and vulnerabilities in augmented browsing script markets" at AsiaCCS 2014 in Kyoto, Japan.

IFIP SEC 2014

Bastian Braun presents "Ghostrail: Ad Hoc Control-Flow Integrity forWeb Applications" and "A Trusted UI for the Mobile Web" at IFIP SEC 2014 in Marrakech, Morocco.

CSF 2014

Mathy Vanhoef presents "Stateful Declassification Policies for Event-Driven Programs" at CSF 2014 in Vienna, Austria.

TRUST 2014

Tom Van Goethem presents "Large-scale security analysis of the web: Challenges and Findings" at TRUST 2014 in Crete, Greece.

The "Web Application Security" JCS Special Issue has been published

A selected and revised set of papers of the Dagstuhl Seminar on Web Application Security has been published as a special issue of the Journal of Computer Security. Guest editors of the special issue are Lieven Desmet, Martin Johns and Andrei Sabelfeld from the WebSand consortium, complemented with Ben Livshits from Microsoft Research.

Read more ...

WebSand results at the FOSAD 2014 summerschool

Andrei Sabelfeld will lecture some of the WebSand results on information flow control at the International School on Foundations of Security Analysis and Design (FOSAD 2014) from 1 to 6 September 2014 in Bertinoro, Italy.

Read more ...

Chalmers video on Securing Web Applications

Securing web applications from Chalmers Univ. of Technology on Vimeo.

OWASP AppSec EU 2013: Improving the Security of Session Management in Web Applications

OWASP AppSec EU 2013: Eradicating DNS Rebinding with the Extended Same-Origin Policy

OWASP AppSec EU 2013: Web Fingerprinting: How, Who, and Why?

OWASP AppSec EU 2013: Sandboxing JavaScript

OWASP AppSec EU 2013: Clickjacking Protection Under Non-trivial Circumstances

OWASP AppSec EU 2013: A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks

WebSand organized the First European workshop on Web Application Security Research (WASR’13)

The WebSand consortium co-organized the First European workshop on Web Application Security Research (WASR’13) on 21 August 2013. The workshop was co-located with this year’s OWASP Research conference in Hamburg, Germany. More information can be found at http://2013.appsec.eu/wasr.html .

Read more ...

OWASP EU Tour 2013 Lisbon: Sandboxing JavaScript

SecAppDev 2012: Client-Side Security Policies for the Web

WebSand organizes DagStuhl Seminar

The WebSand consortium organizes the Dagstuhl seminar on “Web Application Security” (Seminar no. 12401) from 1 to 5 October 2012. More information can be found at http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12401 .

Read more ...

WebSand Presentation at the 9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2012)

Date: September 4, 2012

The WebSand project was presented during this year's TrustBus conference at Vienna, Austria. We presented WebSand's underlying idea to rule information exchange and communication in mash-up web applications together with the project outcome and benefits for the public and industry domain in a short talk. The talk was supplemented by the exhibition of a WebSand poster and a short paper in the conference proceedings.

Read more ...

Andrei Sabelfeld receives an ERC grant on web security

Date: August 27, 2012

Andrei Sabelfeld, Chalmers site leader for WebSand, is awarded an ERC Consolidator grant for project ProSecuToR: Programming Language-based Security To Rescue. ProSecuToR will develop several tracks started in WebSand related to web-based case studies.

Read more ...

WebSand is presented at OWASP Sweden in Stockholm

Date: May 14, 2012

Jonas Magazinius presents the WebSand project, with the emphasis on information flow tracking in web mashups, at OWASP Sweden in Stockholm in May 2012. The focus of the presentation is on the results of the information-flow work package on policies and enforcement mechanisms for decentralized security in mashups.

Read more ...

Web Security training at SecAppDev 2012

Date: March 9, 2012

Members of the WebSand consortium presented new training material on web security & HTML5 at the Secure Application Development course (SecAppDev 2012) in Leuven. The slides are available on the SecAppDev website.

Read more ...

WebSand presented at the NIS Summerschool 2011

Date: June 30, 2011

The WebSand project has been presented at the Summer School on Network & Information Security (NIS Summerschool 2011), jointly organized by ENISA and FORTH.

Check out the poster ...