[POSTPONED] W3C Workshop Secure the Web Forward

Driving developer awareness and adoption of Web security standards & practices

[New dates and format to be determined]

Presented by W3C, OpenSSF, OWASP, OpenJS

Parsoa Khorsand

Purpose of this workshop

The world wide web is the most pervasive development and deployment platform for applications and services. Its distributed, non-curated and amorphous nature, as well as the lack of friction, is at the same time its great differentiator and an enormous challenge, particularly in the arena of security. Security vulnerabilities in applications are a target for bad actors. When applications are deployed on the web across a heterogeneous environment of cloud providers, networks and browsers, the potential for exploitation of these vulnerabilities is increased. Insecure web applications can be a vector for malware, privacy violations, ransomware and unwanted surveillance.

There has been a recent movement to more secure software development and deployment platforms. There have also been many new features and specifications added to web platform technologies to strengthen security. However these efforts are sometimes disconnected from each other, leading to a lack of clear guidance for web developers about the threats, mitigations and indeed the role web developers play in ensuring their applications are secure.

Possible outcomes include:

Topics covered

Location and Time

To be determined.

Important Dates

Due to low level of submissions, the Program Committee is re-evaluating the timing and format of the workshop. This page will be updated once these new plans emerge - please let group-secure-the-web-forward@w3.org know if you want to be alerted.

  • Apr 24)
  • Invitations sent to participants: May 8
  • Program Announced: May 22
  • Workshop: June 7-8

Program Committee

What is W3C?

The mission of the World Wide Web Consortium (W3C) is to lead the Web to its full potential by creating technical standards and guidelines to ensure that the Web remains open, accessible, and interoperable for everyone around the globe. W3C well-known standards HTML and CSS are the foundational technologies upon which websites are built. W3C works on ensuring that all foundational Web technologies meet the needs of civil society, in areas such as accessibility, internationalization, security, and privacy. W3C also provides the standards that undergird the infrastructure for modern businesses leveraging the Web, in areas such as entertainment, communications, digital publishing, and financial services. That work is created in the open, provided for free and under the groundbreaking W3C Patent Policy.

W3C's vision for "One Web" brings together thousands of dedicated technologists representing more than 400 member organizations and dozens of industry sectors. W3C is a public-interest non-profit organization incorporated in the United States of America, led by a Board of Directors and employing a global staff across the globe.

Who is OWASP?

The Open Worldwide Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

What is the OpenJS Foundation?

OpenJS Foundation the home of high-impact, supply-chain critical open source JavaScript projects including Electron, jQuery, Node.js, and many more. Our mission is to support the healthy growth of JavaScript and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities that benefit the ecosystem as a whole.

What is the OpenSSF?

The OpenSSF is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.