What are the standards for security on the web and web development?

views:

answers:

+3 Q:

What are the standards for security on the web and web development?

What are the standards that govern security practices on the web and web development? What standards body publishes such documents?

+1 A:

Have a look at OWASP.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software.

Kyle Rozendo 2010-04-23 13:57:25

OWASP does not publish technology standards.

2010-04-23 13:58:29

+1 A:

Most general and apply to any developpement but interesting anyway :

CWE/SANS TOP 25 Most Dangerous Programming Errors

Boris Guéry 2010-04-23 14:01:14

I don't know of any standards governing security practices specifically focussed on web apps, but the ISO27000 family of standards cover information systems in general. Warning: getting hold of a copy of ISO2700x, unless you work for ISO or a university, is not cheap...

Graham Lee 2010-04-23 14:07:21

+3 A:

It depends on the industry. Credit Cards use the PCI-DSS. The US medial industry uses HIPAA. Cryptographic systems are governed by FIPS-140 which was created by NIST. Then there is the CWE system which is a list of every known vulnerability type.

Rook 2010-04-23 16:31:39

I believe that is HIPAA, but your link is solid.

2010-04-24 16:37:32

ansaurus

tags:

views:

answers:

What are the standards for security on the web and web development?

related questions