The aim of the research is to formulate general principles for ensuring information security in web-oriented information systems. The paper describes the main concepts of the Web Cryptography API interface, as well as presents practical aspects of using cryptographic methods to ensure data security in web-oriented information systems. The proposed approach, based on the introduction of a secure system for generating and storing users private keys through the use of the asynchronous ECDSA encryption algorithm via the Web Cryptography API interface, combined with encrypting private keys with passphrases and additional user authentication, allows a high level of protection of private keys from unauthorized access.