Application security standards
When it comes to building and operating a web application, there are many security standards, guidelines and best practices available. Depending on your geographic location and/or the industry sector you operate in, there may also be regulations that you have to adhere to.
Regulations, standards and guidelines can be tricky to interpret and implement. You can rely on Appsecco to guide you every step of the way. You will also find information and links to a few of the major standards and guidelines below.
The OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, and even consumers to define what a secure application is.
The OWASP ASVS can be downloaded from here.
Microsoft Security Development Lifecycle
The Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost.
The Microsoft SDL can be downloaded from here.
The BITS Software Assurance Framework was created in 2012 by the Financial Services Roundtable to document the importance of secure development practices and to provide guidelines that financial services organizations can use to implement these practices more fully.
The BITS Framework can be downloaded from here.
PCI Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data and so reduce credit card fraud resulting from its exposure.
The PCI DSS can be downloaded from here.
Whether you have a specific requirement, a question you'd like answered or would just like an informal chat, contact us.