Web Application Security (Dagstuhl Seminar 12401)

This report documents the program and the outcomes of Dagstuhl Seminar 12401 “Web Application Security”. The seminar brought 44 web security researchers together, coming from companies and research institutions across Europe and the US. The seminar had a well-filled program, with 3 keynotes, 28 research talks, and 15 5-minute talks. As web application security is a broad research domain, a diverse set of recent research results was presented during the talks, covering the web security vulnerability landscape, information-flow control, JavaScript formalization, JavaScript confinement, and infrastructure and server hardening. In addition to the plenary program, the seminar also featured three parallel break-out sessions on Cross-Site Scripting (XSS), JavaScript and Information-flow control. Seminar 30. September – 05. October, 2012 – www.dagstuhl.de/12401 1998 ACM Subject Classification H.3.5 On-line Information Services – Web-based services, K.6.5 Security and Protection, D.4.6 Security and Protection