Post-Spectre Web Development
OTHER License
Sketching a threat model and concrete examples of mitigation.
https://w3c.github.io/webappsec-post-spectre-webdev/
Web Application Security Working Group repo
User Interface Security and the Visibility API
Materials for a proposed W3C workshop "Secure the Web Forward"
WebAppSec Secure Contexts
Performance APIs, Security and Privacy
Content Security Policy: Embedded Enforcement
a repo exclusively for security to better manage issues and security considerations for WoT
Web security drafts
WebAppSec Mixed Content
WebAppSec Confinement Origin Web Labels
WoT Security Best Practices
WebAppSec Subresource Integrity
What is browser fingerprinting and how should specification authors address it.
WebAppSec Upgrade Insecure Requests