Today the World Wide Web offers the universal operating system for an increasing number of business and personal applications coping with all kinds of data. Never before has global access to personal, private, and business-relevant data been so convenient and similarly also at risk. To be successful, today’s Web applications need to deal with identity and private data, require behaving in a trustworthy way, and are member of federations and other means of security context or private data sharing mechanisms.

This evolution of the Web, together with the widespread dissemination of Web applications, has led to attackers focusing on attacking through the Web. Additionally, the risk of being caught in a pseudo-anonymous environment versus the gain, which can be complete user profiles including passwords, credit card information, and other very personal data, further increased incentives for attacks. On the client side, the user’s data is at jeopardy as well. Web applications are a popular target for violating a user’s security and privacy. It is often unclear how much of the entered information will be sent to a server for further processing and how it is protected. The fact that modern Web applications in the browser are often composed from several mutually distrusting sources further complicates this situation.

This distinct character of Web applications and its risk potential requires dedicated approaches for security and privacy that take all phases of the development life cycle of Web applications into account – starting with security by design and going beyond trustworthy hosting environments.

This track invites original research submissions addressing all aspects of security and privacy in Web applications.

For paper categories, submission instructions and deadlines, please see the ICWE submission page.

Track Chairs
Martin Gaedke, Chemnitz University of Technology, Germany
Christian Hammer, Saarland University, Germany

Topics of interest

  • Security and privacy in
    • Browser and cross-browser applications
    • Client-side Web applications
    • Server-side Web applications
    • Social networking
    • Cloud platforms and environments
  • Approaches and tools for penetration testing Web applications
  • Big Data in the context of security and privacy concerns
  • Evaluations of Web application security and privacy
  • Identity related development approaches and systems
  • Practical security and privacy for the Web
  • Principled approaches to improve Web application security and privacy
  • Privacy-enhancing technologies for the Web
  • Security and privacy by design
  • Web applications for mobile devices