
Are there any web application security standards that I can use as a baseline for the security related requirements for a web application, web service, and for applications supported/hosted by third parties?

How is security risk managed for web application and what are the preventive and corrective controls that I should expect to see?

Additionally, how can we provide security compliance for web applications?

From my findings I found that most organizations have developed their own standards/guidelines like

Am I mistaken in that there is no universal standard?


3 Answers


In Austria we have a standard more or less written by SecConsult which is loosely based on OWASP documents. You can find more information on it here: http://www.a7700.org/index_e.html


From what I understand there is no 'universal' standard, however several standards do exist that you can use as a point of reference.

These are just a few I know about. The standards you build for yourself will be dictated by the nature of your application and the information it serves/stores. However, the above resources should help you get an idea of what things you might want to keep in mind or work into your own standard.

  • There are also regulators like the FFIEC, Monetary Authority of Singapore (MAS), and others. These are generally at a process and procedure level, dealing with how an organization should run itself and its systems. Commented Nov 13, 2013 at 13:12

Depending on the specific use case (type of industry, country regulations, etc.), a web application may be required to satisfy requirements from a variety of different standards. Some standards worth mentioning are the following:

  • OWASP Application Security Verification Standard 4.0.3
  • National Institute of Technologies Special Publication 800–218
  • International Organization for Standardization 27034
  • Center for Internet Security Critical Security Control 16: Application Software Security

Apart from formal standards you might want to take a look at projects like OWASP Top Ten or CWE/SANS Top 25.
