
ISO standards to apply for a web application [closed]

What are the ISO standards to apply for a web application? I mean to say, is there any standard to follow to fulfill the ISO requirements?

Please answer my question.

Thanks in advance :)

Syed asked Oct 31 '25 03:10


2 Answers

I would recommend reviewing the Cloud Controls Matrix from the Cloud Security Alliance to give you a high-level overview of various industry security standards and regulatory requirements, with a cross-reference between them (https://cloudsecurityalliance.org/research/ccm/). This matrix includes controls from the ISO/IEC 27001 series, as well as NIST, COPPA, ENISA, HIPAA, PCI DSS, etc.

Regarding web application security, the CCM defines the following high-level control domain: "Applications and programming interfaces (APIs) shall be designed, developed, deployed, and tested in accordance with leading industry standards (e.g., OWASP for web applications) and adhere to applicable legal, statutory, or regulatory compliance obligations."

OWASP stands for the Open Web Application Security Project, which is a well-known global resource for web application security guidance. One of their best offerings for your needs is the Application Security Verification Standard (ASVS), which recently released their v2.0 guide (https://www.owasp.org/images/5/58/OWASP_ASVS_Version_2.pdf). This guidance provides a detailed list of requirements that a secure web application should meet, based on a set of 4 increasingly stringent levels. The ASVS level that each web application should attempt to meet will vary based on the organization's unique threat characteristics.

Brice Williams answered Nov 01 '25 16:11


You could have a look at ISO/IEC 27034, which is the application security ISO standard.

SPoint answered Nov 01 '25 17:11


