The goal of ÖNORM A 7700 (A7700) is it, to clearly and comprehensively describe the security issues found in web applications, which are only discussed tangentially in other norms (e.g. ISO 27001). Additionally, the compliance process demands a high level of security that is reached by a methodical, complete source code audit. The A7700 norm defines the current state of the art for web application security. The A7700 standard thus provides an important guideline for vendors and customers acquiring web applications.

An except from the table of contents of A7700:


The ÖNORM A 7700 is available for purchase from:

Austrian Standards plus Logo    Beuth Logo



Several concerns, including the Austrian National Bank, request that SEC Consult develop a standard for web application security.


Together with the Austrian Standards Institute and numerous major banks, insurance companies, public authorities, and industrial concerns, the ONR 17700 norm is drafted. The contents of this standard were based on the recommendations of the internationally accepted OWASP-Guide, which comprehensively describes web application security issues, but not the certification process.

September 2005

ONR 17700 is published, and is the first EU-wide acknowledged standard that permits certification of web applications based on security criteria.


The first ONR 17700 certification processes are completed. Companies and public authorities begin to establish ONR 17700 certification as a requirement for the development and purchase of web applications.

Dezember 2008

ONR 17700 is succeeded by ÖNORM A 7700, the current state of the art for secure web applications.