WebSec - Security in web-driven systems

01/01/2018 to 31/12/2023

Our society relies on the web to support the economic, governmental, and military infrastructure. Billions of devices from printers to smart TVs and cars routinely run web servers and clients, forming a heterogeneous Web of Things. Web security is thus critical for Cybersecurity and Information Security at large. The project WebSec: Securing Web-driven Systems sets out to develop a principled security platform for the web. WebSec is a unique opportunity to break away from temporary patches and short-term mitigations and tackle the challenge of web security at scale.

WebSec will result in:

  • Comprehensive framework for detection, mitigation, and prevention of cross-site scripting (XSS) attacks, encompassing
    • Crawling 2.0 and advanced string constraint solving for XSS detection,
    • flexible Content Security Policy (CSP) for XSS mitigation, and
    • a server-side template framework separating data from code for XSS prevention.
  • JavaScript program analysis platform for monitoring and symbolically executing JavaScript, the web's main programming language.
  • Principled framework for system-wide security, enabling confinement, tainting, and information-flow control mechanisms across web component boundaries.
  • Industrial demonstrators FlowGuard: Secure integration and testing platform (with Assured AB), SecAppStore: Secure in-car app store architecture (with OmegaPoint AB and Volvo Car Corporation), and BrowSec: Security-enhanced browser platform (with Google).
Monday, 3 September, 2018


Pilots for the European Cybersecurity Competence Networks: how can your SME benefit? - Cyberwatching.eu 6th Webinar -

The four pilot projects involved in the development of the European Cybersecurity Competence Network will present their plans and upcoming tools and services for SMEs in the Cyberwatching.eu webinar on the 2nd of April, 10:00 AM CEST



Future Events

Cyber Insurance and its Contribution to Cyber Risk Mitigation - Leiden March 25-29
25/03/2019 to 29/03/2019

The rise in both the scale and severity of recent cyberattacks demands new thinking about cybersecurity risk and the mitigation and transfer of that risk. Cyber insurance is one potential way to manage risk by transferring damage liability, but the cyber insurance market is immature and the understanding and actuarial knowledge of cyber-risk is currently underdeveloped.

e-SIDES workshop 2019

e-SIDES workshop: Towards Value-Centric Big Data: Connect People, Processes and Technology


2 April 2019

10am to 4pm


e-SIDES is a research project funded by European Commission H2020 Programme that deals with the ethical, legal, social and economic implications of privacy-preserving technologies in different big data context.