For the development of secure web applications, developers can make use of an increasing number of security functionalities in established browsers instead of having to develop them themselves at great expense or creating dependencies through 3rd-party libraries.

For example, the WebAuthn standard can be used to implement passwordless authentication. For cryptographic operations, the WebCrypto API provides simple interfaces for hashing, encrypting or signing in all common browsers. With the Reporting API, information about security events can be collected directly from the productive user environment, for example via CSP violations.

The talk will give an overview of the distribution of these features and demonstrate the possibilities for their use in development projects. Participants will learn about various security APIs in current browsers and their development status. They will learn how these features can be used in the development of secure web applications and gain practical insights for implementation and deployment in own software.