Publications in German
The following publications (in German) discuss ÖNORM A 7700 or its predecessor, ONR 17700:
BSI Guide for the Development of Secure Web Applications
Currently, applications are mostly developed in the form of web applications. Although security-specific requirements for design, implementation and operation are sometimes published together with the call for tender, frequently they are only worked out over the course of a project. As a result, web applications have recurrent vulnerabilities which can be exploited for a multitude of attacks.
With its guide for the development of secure web applications the Federal Office for Information Security (hereafter BSI), in collaboration with SEC Consult, offers a solution to this problem. Consistent, thorough guidelines for a secure development process, linked with a structured approach to testing and client acceptance, facilitate the optimization of IT security within the Federal Administration and beyond it. The guide is aimed at IT and project managers of public institutions as well as managers from industry; it can serve as a tool for creating bidding and contract documentation or for establishing performance and acceptance criteria, and thus supports the entire contracting process.
The study is divided into two parts: The first defines requirements for the contractor. In the second part, the client receives guidance on how compliance with these requirements can be assessed.
ÖNORM A 7700 Infofolder
The Info-Folder provides a brief description of the important issues addressed by ÖNORM A 7700 and is an ideal introductory document to gain insight into the standard.
Österreichisches Informationssicherheitshandbuch (Version 2.3, April 2007)
ONR 17700, the predecessor to ÖNORM A 7700, is cited as an important standard for information security and IT security.
KES - Issue 2007/4: SOA-Security mit ONR 17700
The guidelines described in ONR 17700 can also be used to certify web services. This article describes the certification of a SOA web service using the guidelines provided in ONR 17700.
BSI-Standard zur Internet-Sicherheit (ISi-Reihe) - Sicheres Bereitstellen von Web-Angeboten (ISi-Web-Server)
The German Federal Office for Information Security (BSI) has produced a series of Internet security standards, the ISi-Series. The goal is to provide public authorities and private concerns comprehensive and current information, so that they can create, extend, or alter their Internet activities. The documents in the series "Sichere Bereitstellung von Web-Angeboten" (ISi-Web-Server) are intended to describe relevant threats and important countermeasures in order to allow web services to be offered securely. Many of the measures were directly based on the ÖNORM A 7700 standard.
Secure 2008 - Sichere Anwendungen auf BSI-Basis
At the Secure 2008 conference in Bad Homburg, Thomas Kerbl from SEC Consult, together with Cornelia Strobel from the German Federal Office for Information Security (BSI), presented a talk about secure applications based on BSI recommendations ("Sichere Anwendungen auf BSI Basis"). In addition to general topics relating to basic security, the new BSI study from the ISi-Series, "Sichere Bereitstellung von Web-Angeboten", was presented. This study was a collaboration between SEC Consult and the BSI. Another central theme of the presentation was the ONR 17700 standard, the first EU-wide recognized norm for web application security.