Compliance and Regulations
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is a comprehensive set of requirements for protecting payment account data, developed to drive the broad, consistent adoption of data security measures on a global basis.
Data Protection Act – 1998
The Data Protection Act regulates the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.
Web Application Security Consortium (WASC)
The Web Application Security Consortium (WASC) is made up of an international group of experts, industry practitioners and organisational representatives who produce open-source, widely agreed-upon best-practice security standards for the World Wide Web.
Homeland Security – Build Security In
Build Security In is a collaborative effort that provides practices, tools, guidelines, rules, principles and other resources that development teams can use to build security into every phase of software development.
Top Software Security Threats
OWASP Top 10
The OWASP Top 10 is a powerful awareness document that lists the most critical web application security flaws. Adopting the OWASP Top 10 is the most effective first step towards changing an organisation's software development culture into one that produces secure code.
CWE/SANS TOP 25 Most Dangerous Software Errors
The CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. Software customers can use the list to ask for more secure software. Software security researchers can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Software managers and CIOs can use the Top 25 as a measuring stick of progress in their efforts to secure their software.
Application Security Best Practices
OWASP Developer Guide – 2014
The primary audience for the new version of the Developer Guide is architects and developers. The aim of the Developer Guide is to allow businesses and development teams to produce secure software.
OWASP Testing Guide
The OWASP Testing Guide includes a best-practice penetration testing framework and a low-level penetration testing guide describing techniques for testing the most common web application and web service security issues.
OWASP Code Review Guide
The OWASP Code Review Guide offers guidance on conducting secure code reviews and helps developers build secure applications.
Secure Software Development Methodologies
Microsoft Security Development Lifecycle (SDL)
Microsoft SDL is a secure software assurance model that provides a collection of mandatory security activities, grouped by the phases of the traditional software development lifecycle.
CLASP (Comprehensive Lightweight Application Security Process)
CLASP provides a well-organised and structured approach for moving security concerns into the early phases of the software development process.
Software Security Maturity Models
Software Assurance Maturity Model (SAMM)
The Software Assurance Maturity Model (SAMM) is an open framework that helps organisations formulate and implement a software security strategy tailored to the specific risks facing the organisation.
The Building Security In Maturity Model (BSIMM)
The Building Security In Maturity Model is designed to help organisations understand, measure and plan a software security initiative. The BSIMM can help an organisation determine how it compares to other real-world software security initiatives and which steps would make its approach more effective.