WebSec - Security in web-driven systems

Home » Services » Cybersecurity Cataloge » WebSec - Security in web-driven systems
Date: 
01/01/2018 to 31/12/2023

Our society relies on the web to support the economic, governmental, and military infrastructure. Billions of devices from printers to smart TVs and cars routinely run web servers and clients, forming a heterogeneous Web of Things. Web security is thus critical for Cybersecurity and Information Security at large. The project WebSec: Securing Web-driven Systems sets out to develop a principled security platform for the web. WebSec is a unique opportunity to break away from temporary patches and short-term mitigations and tackle the challenge of web security at scale.

WebSec will result in:

  • Comprehensive framework for detection, mitigation, and prevention of cross-site scripting (XSS) attacks, encompassing
    • Crawling 2.0 and advanced string constraint solving for XSS detection,
    • flexible Content Security Policy (CSP) for XSS mitigation, and
    • a server-side template framework separating data from code for XSS prevention.
  • JavaScript program analysis platform for monitoring and symbolically executing JavaScript, the web's main programming language.
  • Principled framework for system-wide security, enabling confinement, tainting, and information-flow control mechanisms across web component boundaries.
  • Industrial demonstrators FlowGuard: Secure integration and testing platform (with Assured AB), SecAppStore: Secure in-car app store architecture (with OmegaPoint AB and Volvo Car Corporation), and BrowSec: Security-enhanced browser platform (with Google).
Week: 
Monday, 3 September, 2018

News

Cyber Security is a Shared Responsibility!

European Cyber Security Month (ECSM) is the EU's annual awareness campaign that takes place each October across Europe. The aim is o raise awareness of cyber security threats, promote cyber security among citizens and organization; and provide resources to protect themselves online, through education and sharing of good practices.

Future Events

On 25 September 2019 (09:30-10:30) in Room Walton, a strategic planning co-design session (CD) titled "Security research: Ensuring security and privacy in a digitising world [CD]" will be held on the European Research and Innovation Days, the first annual policy event of the European Commission, bringing together stakeholders to debate and shape the future research and innovation landscape, will happened on 24-26 September 2019 in Brussels (BE).

24/09/2019 to 26/09/2019

MyData 2019 will be organised on 25-27 September 2019 in Wanha Satama in central Helsinki, as an associated event of Finland’s EU Presidency. The conference provides 2+1 days of interactive sessions, networking opportunities and inspirations that shall contribute to rebuilding trust and creating a more transparent and prosperous digital society.

25/09/2019 to 27/09/2019