W3C Workshop Secure the Web Forward

Driving developer awareness and adoption of Web security standards & practices

September 26-28, 2023 - Virtual

Presented by W3C, OpenSSF, OWASP, OpenJS

Parsoa Khorsand


Interested parties may join the #security channel on the W3C Community Slack instance to continue discussions.

Purpose of this workshop

The world wide web is the most pervasive development and deployment platform for applications and services. Its distributed, non-curated and amorphous nature, as well as the lack of friction, is at the same time its great differentiator and an enormous challenge, particularly in the arena of security. Security vulnerabilities in applications are a target for bad actors. When applications are deployed on the web across a heterogeneous environment of cloud providers, networks and browsers, the potential for exploitation of these vulnerabilities is increased. Insecure web applications can be a vector for malware, privacy violations, ransomware and unwanted surveillance.

There has been a recent movement toward more secure software development and deployment platforms. There have also been many new features and specifications added to web platform technologies to strengthen security. However, these efforts are sometimes disconnected from each other, leading to a lack of clear guidance for web developers about the threats, mitigations and indeed the role web developers play in ensuring their applications are secure.

Possible outcomes include:

Topics covered

Location and Time

The workshop discussions will happen during on-line sessions to be scheduled on September 26-28, 2023. See below for other relevant dates.

Important Dates

The workshop will be primarily virtual across 3 two-hour virtual sessions held on the 26th, 27th and 28th of September.

In preparation we will be holding open in-person meet-ups (less formal discussions) at W3C's TPAC event in Seville, Spain on the 13th of September (time tbd) and at the Open Source Summit Europe event in Bilbao, Spain, the week of September 18th (exact date and time tbd).

Important dates are as follows:

Program Committee

What is W3C?

The mission of the World Wide Web Consortium (W3C) is to lead the Web to its full potential by creating technical standards and guidelines to ensure that the Web remains open, accessible, and interoperable for everyone around the globe. W3C's well-known standards, HTML and CSS, are the foundational technologies upon which websites are built. W3C works on ensuring that all foundational Web technologies meet the needs of civil society, in areas such as accessibility, internationalization, security, and privacy. W3C also provides the standards that undergird the infrastructure for modern businesses leveraging the Web, in areas such as entertainment, communications, digital publishing, and financial services. That work is created in the open, provided for free and under the groundbreaking W3C Patent Policy.

W3C's vision for "One Web" brings together thousands of dedicated technologists representing more than 400 member organizations and dozens of industry sectors. W3C is a public-interest non-profit organization incorporated in the United States of America, led by a Board of Directors and employing staff across the globe.

Who is OWASP?

The Open Worldwide Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

What is the OpenJS Foundation?

The OpenJS Foundation is the home of high-impact, supply-chain critical open source JavaScript projects including Electron, jQuery, Node.js, and many more. Our mission is to support the healthy growth of JavaScript and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities that benefit the ecosystem as a whole.

What is the OpenSSF?

The OpenSSF is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.