The "Web Application Security" JCS Special Issue has been published
A selected and revised set of papers of the Dagstuhl Seminar on Web Application Security has been published as a special issue of the Journal of Computer Security. Guest editors of the special issue are Lieven Desmet, Martin Johns and Andrei Sabelfeld from the WebSand consortium, complemented with Ben Livshits from Microsoft Research.
WebSand results at the FOSAD 2014 summerschool
Andrei Sabelfeld will lecture some of the WebSand results on information flow control at the International School on Foundations of Security Analysis and Design (FOSAD 2014) from 1 to 6 September 2014 in Bertinoro, Italy.
Chalmers video on Securing Web Applications
Securing web applications from Chalmers Univ. of Technology on Vimeo.
OWASP AppSec EU 2013: Improving the Security of Session Management in Web Applications
OWASP AppSec EU 2013: Eradicating DNS Rebinding with the Extended Same-Origin Policy
OWASP AppSec EU 2013: Web Fingerprinting: How, Who, and Why?
OWASP AppSec EU 2013: Sandboxing JavaScript
OWASP AppSec EU 2013: Clickjacking Protection Under Non-trivial Circumstances
OWASP AppSec EU 2013: A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks
WebSand organized the First European workshop on Web Application Security Research (WASR’13)
The WebSand consortium co-organized the First European workshop on Web Application Security Research (WASR’13) on 21 August 2013. The workshop was co-located with this year’s OWASP Research conference in Hamburg, Germany. More information can be found at http://2013.appsec.eu/wasr.html .
OWASP EU Tour 2013 Lisbon: Sandboxing JavaScript
SecAppDev 2012: Client-Side Security Policies for the Web
WebSand organizes DagStuhl Seminar
The WebSand consortium organizes the Dagstuhl seminar on “Web Application Security” (Seminar no. 12401) from 1 to 5 October 2012. More information can be found at http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12401 .
WebSand Presentation at the 9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2012)
Date: September 4, 2012
The WebSand project was presented during this year's TrustBus conference at Vienna, Austria. We presented WebSand's underlying idea to rule information exchange and communication in mash-up web applications together with the project outcome and benefits for the public and industry domain in a short talk. The talk was supplemented by the exhibition of a WebSand poster and a short paper in the conference proceedings.
Andrei Sabelfeld receives an ERC grant on web security
Date: August 27, 2012
Andrei Sabelfeld, Chalmers site leader for WebSand, is awarded an ERC Consolidator grant for project ProSecuToR: Programming Language-based Security To Rescue. ProSecuToR will develop several tracks started in WebSand related to web-based case studies.
WebSand is presented at OWASP Sweden in Stockholm
Date: May 14, 2012
Jonas Magazinius presents the WebSand project, with the emphasis on information flow tracking in web mashups, at OWASP Sweden in Stockholm in May 2012. The focus of the presentation is on the results of the information-flow work package on policies and enforcement mechanisms for decentralized security in mashups.
Web Security training at SecAppDev 2012
Date: March 9, 2012
Members of the WebSand consortium presented new training material on web security & HTML5 at the Secure Application Development course (SecAppDev 2012) in Leuven. The slides are available on the SecAppDev website.
WebSand presented at the NIS Summerschool 2011
Date: June 30, 2011
The WebSand project has been presented at the Summer School on Network & Information Security (NIS Summerschool 2011), jointly organized by ENISA and FORTH.