Application security standards

When it comes to building and operating a web application, there are many security standards, guidelines and best practices available. Depending on your geographic location and/or the industry sector you operate in, there may also be regulations that you have to adhere to.

Regulations, standards and guidelines can be tricky to interpret and implement. You can rely on Appsecco to guide you every step of the way. You will also find information and links to a few of the major standards and guidelines below.


OWASP Application Security Verification Standard

The OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, and even consumers to define what a secure application is.

The OWASP ASVS can be downloaded from here.

Microsoft Security Development Lifecycle

The Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost.

The Microsoft SDL can be downloaded from here.

BITS Framework

The BITS Software Assurance Framework was created in 2012 by the Financial Services Roundtable to document the importance of secure development practices and to provide guidelines that financial services organizations can use to implement these practices more fully.

The BITS Framework can be downloaded from here.

PCI Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data and so reduce credit card fraud resulting from its exposure.

The PCI DSS can be downloaded from here.



Contact us

We can help you apply application security verification standards to your organisation and your suppliers to help ensure you stay secure. Contact us to learn more.

Whether you have a specific requirement, a question you'd like answered or would just like an informal chat, contact us.
