Web Application Security Working Group - Tools

Issue Tracking: Issue Dashboard
Mailing List: member-webappsec Restricted archives; public-webappsec
Other: Minutes through ~2017

GitHub repositories

federated-credentials

w3c/federated-credentials
password-credentials

w3c/password-credentials
permissions

Permissions API

w3c/permissions

Website
permissions-registry

Registry of known powerful features in the web platform.

w3c/permissions-registry

Website
trusted-types

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

w3c/trusted-types

Website
webappsec

Web Application Security Working Group repo

w3c/webappsec

Website
webappsec-change-password-url

A Well-Known URL for Changing Passwords

w3c/webappsec-change-password-url

Website
webappsec-clear-site-data

WebAppSec Clear Site Data

w3c/webappsec-clear-site-data

Website
webappsec-cors-for-developers

CORS for developers

w3c/webappsec-cors-for-developers

Website
webappsec-cowl

WebAppSec Confinement Origin Web Labels

w3c/webappsec-cowl

Website
webappsec-credential-management

WebAppSec Credential Management

w3c/webappsec-credential-management

Website
webappsec-csp

WebAppSec Content Security Policy

w3c/webappsec-csp

Website
webappsec-cspee

Content Security Policy: Embedded Enforcement

w3c/webappsec-cspee

Website
webappsec-dbsc

Device Bound Session Credentials: A Protocol for Protecting From Cookie Theft

w3c/webappsec-dbsc

Website
webappsec-fetch-metadata

Fetch Metadata

w3c/webappsec-fetch-metadata

Website
webappsec-mixed-content

WebAppSec Mixed Content

w3c/webappsec-mixed-content

Website
webappsec-passkey-endpoints

A well-known URL for passkey relying party endpoints

w3c/webappsec-passkey-endpoints

Website
webappsec-permissions-policy

A mechanism to selectively enable and disable browser features and APIs

w3c/webappsec-permissions-policy

Website
webappsec-post-spectre-webdev

Post-Spectre Web Development

w3c/webappsec-post-spectre-webdev

Website
webappsec-referrer-policy

WebAppSec Referrer Policy

w3c/webappsec-referrer-policy

Website
webappsec-secure-contexts

WebAppSec Secure Contexts

w3c/webappsec-secure-contexts

Website
webappsec-standardizing-security-semantics-of-cross-site-cookies

A WebAppSec note on standardizing the security semantics of cross-site cookies and proposes standardizing these semantics.

w3c/webappsec-standardizing-security-semantics-of-cross-site-cookies
webappsec-suborigins

Suborigins

w3c/webappsec-suborigins

Website
webappsec-subresource-integrity

WebAppSec Subresource Integrity

w3c/webappsec-subresource-integrity

Website
webappsec-uisecurity

User Interface Security and the Visibility API

w3c/webappsec-uisecurity

Website
webappsec-upgrade-insecure-requests

WebAppSec Upgrade Insecure Requests

w3c/webappsec-upgrade-insecure-requests

Website
webcrypto

The W3C Web Cryptography API

w3c/webcrypto

Website