What Does TSS-WEB Stand For?

TSS-WEB stands for Technical Security Standard for WEB-based applications and services. It was originally intended as a template standard that you can copy and adapt to your organization. This is why we’ve provided MS Word versions in the past as well.

Today, TSS-WEB is more of a requirement framework.

So the name is actually there for historical reasons. Perhaps it will be changed in the future.

Don’t We Already Have Enough AppSec Standards?

There are, in fact, several well-established AppSec standards and best practice projects today. However, rather than competing with these, TSS-WEB aims to provide companies with the guidance needed to effectively implement them in their organization.

How Can I Use TSS-WEB?

Use it as you like. You can use all the requirements or select specific requirements or categories that you need. Use it as inspiration or to review your internal requirements.

However, don’t forget to adapt the requirements to your specific organization and tech stack.

Is TSS-WEB Intended to Cover All Requirements?

No, TSS-WEB is intended to provide a solid foundation that works for most organizations. However, there will always be edge cases or situations with particular security demands where you need to implement specific requirements. For instance, if you are developing an e-commerce website or a developer portal, you will need to address very specific requirements. Conducting threat modeling is an essential practice to identify these requirements.

Is TSS-WEB Free?

Yes. TSS-WEB is licensed under Creative Commons BY 4.0.

What Is Secodis’s Role with TSS-WEB?

TSS-WEB is currently sponsored by Secodis GmbH. However, we plan to establish it as a completely independent project in the future.

How Do I Report an Error?

TSS-WEB does not aim to cover every possible requirement in this field but instead provides a solid foundation. If you find an error or notice a missing requirement, please create a pull request or file an issue to help us improve the project.

Can I Contribute?

Yes, please feel free to create an issue or submit a pull request if you have any input. We are also planning to create a Slack channel in the future. Let us know if you would like to participate. We are very thankful for any contributions and assistance.