AppSec Standards and Benchmarks


The open-source appsec group is the Open Web Application Security Project (OWASP). Its objective is to improve understanding of the application’s security.

This risk list, which regularly includes the most important security standards today, has more businesses from diverse industries adopting security. In addition, AppSec experts worldwide have developed and revamped the OWASP Top 10 2013 and OWASP Mobile Top 10 2014 to create unique AppSec best practices from a security perspective.

OWASP is well-known for its other efforts in application security around the world (conferences, hackathons, seminars, and more), besides providing cross-sector reference lists that enable organisations to protect their applications. In addition, it also received the Choice Award from the SC Magazine Editor in 2014.

The OWASP Top 10 is a standard awareness document for developers and web application security. In addition, it represents a broad consensus about the most critical security risks to web applications. Finally, there are some methods for achieving AppSec standards.

Additional Reading (OWASP/OWASP TOP 10):

The Open Web Application Security Project (OWASP/OWASP TOP 10)

SANS top 25

AppSec standard and benchmark are well-known in the SANS TOP 25. The vulnerabilities mentioned in this section are explicitly related to SANS’s CWE (“Common Weakness Enumeration”).

Additional Reading (SANS 25):

SANS Top 25 Most Dangerous Software Errors


The PCI DSS contains a series of standards that allow all businesses to process, save, or transmit credit card information in a secure environment. However, It was co-founded in 2004 by Visa, MasterCard, Discover, and American Express by four major credit card firms. It’s another form of AppSec standard.

Additional Reading (PCI DSS):

Payment Card Industry Data Security Standard (PCI DSS)


HIPAA specifies how organizations that provide insurance plans and other healthcare services can conduct electronic (online) healthcare and administrative transactions. This US law was signed in 1996 by Bill Clinton and comprises five key parts covering the different issues that have to be taken into account in order to ensure maximum conformity. It’s one kind of AppSec standard.

Additional Reading (HIPAA):

Health Insurance Portability and Accountability Act (HIPAA)