📢 Breakouts Day 2024: @openwebdocs is hosting a session on web #security documentation

🗓️ Join us tomorrow, 12 March, 22:00–23:00 UTC

Led by session chair Will Bamberg, the Open Web Docs team will present a draft documentation outline (https://kwz.me/hA7), discuss feedback and propose next steps.

👀 They are very keen on finding security experts to collaborate with them on this project!!!
#securewebforward

▶️ https://www.w3.org/2024/03/breakouts-day-2024/#b-28cae5e2-8941-4d36-83fa-5a94f54a7d9a

🆕 The #SecureWebForward #W3CWorkshop report is now live! Dive into key insights shaping the future of web #security. @openssf, @owasp and @openjsf

▶️ https://www.w3.org/2023/03/secure-the-web-forward/report.html

Acking the challenges #developers face due to the growing complexity of web #apps, participants explored three crucial themes:
- supply chain security
- JavaScript security
- developer awareness

The wsp talks are avail. on #YT https://www.youtube.com/playlist?list=PLNhYw8KaLq2V-EvC1Mcdms3xvkrXjNEpX (w/ subtitles both in #English and #Chinese)

Report

Bringing together experts to drive developer awareness and adoption of Web security standards and practices

#SecureWebForward @booboobenny and @joesepi review @openjsf projects to customize OpenSSF and OWASP best practices, and create a #JavaScript #security training.
▶️ https://www.w3.org/2023/03/secure-the-web-forward/agenda.html#session-3 (w/ slides and transcript)

🎬 https://youtu.be/5mP5qTmdzcI

#SecureWebForward CSP, CORS, SRI, strict mode... Web app #security is complicated. #developers need more than reference docs, they also need tutorials, how-to guides and explanations. @floscholz explores a documentation program that @openwebdocs could perhaps implement to enhance @MDN documentation on security.
▶️ https://www.w3.org/2023/03/secure-the-web-forward/agenda.html#session-3

🎬 https://youtu.be/aAx6-wPaOHc

#SecureWebForward ~1.5 billion websites deployed on the web today. Of these, ~1 billion run #jQuery! Of these, ~500 million run an "outdated and unpatched version" of jQuery. @tobie has been looking at securing jQuery, focusing on #security holes that jQuery opens in the web #browser sandbox that don't exist without it.
▶️ https://www.w3.org/2023/03/secure-the-web-forward/agenda.html#session-3 (with slides and transcript)

🎬 https://youtu.be/efOljAYQz2I

#SecureWebForward
Improving the cookie model on the web has the potential to address many of the web's isolation problems and prevent several classes of bugs. Artur Janc presents a #security perspective on #cookies and details a cookie model, aligned with the current direction to deprecate third-party cookies taken by #browser vendors.
▶️ https://www.w3.org/2023/03/secure-the-web-forward/agenda.html#session-2 (w/ slides and transcript)

Also on #yt: 🎬 https://youtu.be/H2k0aPIWTTo

#SecureWebForward
Building on @naugtur's insights, Gal Weizman presents ways to trap the many ways to create #JavaScript realms in a #WebApp. That's complex, and comes with a performance cost. Could native hooks be created instead?
▶️ https://www.w3.org/2023/03/secure-the-web-forward/agenda.html#session-2 (w/ slides and 🎬 transcript)

Also on #YT: https://youtu.be/zxO9vW4qwns

#SecureWebForward
Hardened #JavaScript creates a more secure runtime environment for web app code, following the principle of least authority. The JS Compartment proposal could provide built-in foundations. @naugtur reviews the proposal and the challenges that remain that could let code escape its compartment, such as access to the DOM and the creation of realms.
▶️ https://www.w3.org/2023/03/secure-the-web-forward/agenda.html#session-2

🎬 https://youtu.be/U68zPZSc7nk

#SecureWebForward What if #security researchers could audit the source code of #WebApps sent to any user, and not just to themselves? Daniel Huigens presents the "Source Code Transparency" proposal:

▶️ https://w3.org/2023/03/secure-the-web-forward/agenda.html#session-1 (slides + 🎬 transcript)

Also on #YT: https://youtu.be/qhc_3W3JZAw

#SecureWebForward Gary O'Neall describes possible improvements to #SBOMs to ease discovery, handle complexity and improve interoperability.
#security #standardization
▶️ Papers and slides: https://w3.org/2023/03/secure-the-web-forward/agenda.html#session-1

Also on #YT: 🎬 https://youtu.be/M4s8JY4DQTI
