The goal of ÖNORM A 7700 (A7700) is it, to clearly and comprehensively describe the security issues found in web applications, which are only discussed tangentially in other norms (e.g. ISO 27001). Additionally, the compliance process demands a high level of security that is reached by a methodical, complete source code audit. The A7700 norm defines the current state of the art for web application security. The A7700 standard thus provides an important guideline for vendors and customers acquiring web applications.
An except from the table of contents of A7700:
- Architecture of web applications
- Data storage and data transfer
- Configuration data
- Authentication methods
- Session-based separation
- Quality criteria for sessions
- Handling of user input
- File generation
- Storage management
- Integration of resources
- Handling of data output
- Back-end systems
- System and error messages
The ÖNORM A 7700 is available for purchase from:
Several concerns, including the Austrian National Bank, request that SEC Consult develop a standard for web application security.
Together with the Austrian Standards Institute and numerous major banks, insurance companies, public authorities, and industrial concerns, the ONR 17700 norm is drafted. The contents of this standard were based on the recommendations of the internationally accepted OWASP-Guide, which comprehensively describes web application security issues, but not the certification process.
ONR 17700 is published, and is the first EU-wide acknowledged standard that permits certification of web applications based on security criteria.
The first ONR 17700 certification processes are completed. Companies and public authorities begin to establish ONR 17700 certification as a requirement for the development and purchase of web applications.
ONR 17700 is succeeded by ÖNORM A 7700, the current state of the art for secure web applications.