Dagstuhl Seminar 26291

Web Application Security

(Jul 12 – Jul 15, 2026)

Permalink
Please use the following short url to reference this page: https://www.dagstuhl.de/26291

Motivation

The Web started as a loosely designed, fragile system but has since evolved into critical infrastructure supporting applications far beyond its original client-server model. This transformation has been driven by the relentless demand for more functionality, leading to the introduction of JavaScript, advanced APIs like WebRTC and service workers, and faster network protocols like HTTP/3.

Yet, security was never part of the Web’s original design. Over time, the ecosystem has adapted to evolving threats, phasing out insecure connections, introducing same-origin policies, browser sandboxing, site isolation, and passwordless authentication. Cross-site tracking and fingerprinting emerged as threats, and both browsers and web standards had to change to defend user privacy. Efforts like the deprecation of third-party cookies and secure-by-default browsing signals show how security and privacy continue to evolve in the Web platform.

The Web isn’t slowing down. The push for new business and user-facing features, such as extended reality APIs, trusted computing elements, and even generative AI-powered browsing agents, raises new security and privacy challenges. How do we ensure security at the pace of innovation? What lessons from past security mechanisms should guide the Web’s future? These are the questions we seek to explore.

Unlike other platforms, the Web’s security and privacy landscape emerges from a decentralized, multi-stakeholder ecosystem. Browser vendors, academic researchers, industry practitioners, and standards bodies each contribute independently, yet their collaboration is crucial. The Web Application Security Dagstuhl Seminar aims to bring together these communities to assess what has worked, what has failed, and what must come next.

For the 2026 edition, we will focus on two key areas:

  • Security and privacy of the Web platform: How is the Web platform changing, and what challenges lie ahead? What concerns are raised by new paradigm shifts fueled by new technology? We will assess the current state of security and privacy of the Web platform, and anticipate future challenges.
  • Observing, measuring, and acting on security and privacy threats: Effective security and privacy require continuous observation, yet monitoring the Web at scale presents significant challenges. We will discuss the state of measurements, the limitations of current monitoring efforts, and the obstacles in detecting and mitigating threats. How do we improve visibility into Web security risks? What tools, methodologies, and policies can help bridge the gap between detection and meaningful action?
Copyright Martin Johns, Giancarlo Pellegrino, and John Wilander

Related Seminars
  • Dagstuhl Seminar 09141: Web Application Security (2009-03-29 - 2009-04-03)
  • Dagstuhl Seminar 12401: Web Application Security (2012-09-30 - 2012-10-05)
  • Dagstuhl Seminar 18321: Web Application Security (2018-08-05 - 2018-08-08)

Classification
  • Cryptography and Security
  • Networking and Internet Architecture

Keywords
  • web
  • security
  • privacy
  • internet
  • browsers