Agile Alliance

Guidelines for integrating secure practices into agile development.

OWASP ASVS

Standard for verifying web application security controls.

BIZEC-APP

Application security community project for secure coding references.

BSAFSS

BSA Framework for Software Security, promoting secure software practices.

BSIMM

Data-driven model observing real-world software security practices.

C2M2

Cybersecurity Maturity Model for the energy sector.

CAPEC™

Catalog of common attack patterns to understand adversary behavior.

CASA

Cloud application security assessments based on OWASP ASVS.

CCPA

California Consumer Privacy Act regulating personal data protection.

CERT-C

Secure coding standards for the C programming language.

CERT-J

Secure coding standards for the Java programming language.

CIS

Best security configuration benchmarks for systems and software.

CMMC

Cybersecurity Maturity Model Certification for U.S. DoD contractors.

CPRA

California Privacy Rights Act enhancing protections of the CCPA.

CWE™

Catalog of common weakness types for identifying software vulnerabilities.

CWE TOP 25

List of the most dangerous and impactful software weaknesses.

ePrivacy Directive

EU directive ensuring privacy in electronic communications.

FACTA

U.S. law requiring proper disposal of consumer information.

FCRA

U.S. law regulating fairness in credit reporting.

FedRAMP

U.S. federal program ensuring secure cloud services.

FERPA

U.S. law protecting the privacy of student education records.

FISMA

U.S. law mandating federal agencies to secure information systems.

GDPR

EU General Data Protection Regulation for personal data protection.

GLBA

U.S. law protecting customer data in financial institutions.

HIPAA

U.S. law safeguarding health information in healthcare entities.

HITRUST CSF

Common framework harmonizing healthcare security requirements.

ISA/IEC 62443

Standards for securing industrial control and automation systems.

ISO/IEC 27001

International standard for information security management systems.

ISO/IEC 27002

Best practices for implementing information security controls.

ISSAF

Information Systems Security Assessment Framework for security testing.

LGPD

Brazil’s General Data Protection Law for personal data.

MISRA-C

Guidelines for secure and reliable coding in C.

MITRE ATT&CK®

Knowledge base of adversary tactics and techniques.

MVSP

Minimum Viable Secure Product checklist for SaaS applications.

NERC CIP

Standards for protecting critical infrastructure in the energy sector.

NIST CSF

Cybersecurity framework for managing and reducing risk.

NIST 800-115

Guide to technical security testing and assessment.

NIST 800-171

Requirements for protecting controlled unclassified information.

NIST 800-53

Catalog of security and privacy controls for federal systems.

NIST 800-63B

Digital identity guidelines for authentication and access.

NIST SSDF

Secure Software Development Framework for building secure apps.

NYDFS

New York regulation requiring cybersecurity in financial services.

NY SHIELD Act

New York law enhancing personal data protection.

OWASP SAMM

Software Assurance Maturity Model for secure development.

OSSTMM3

Open methodology for security testing of operations and systems.

OWASP TOP 10

Most critical web application security risks.

OWASP API Security Top 10

Most critical security risks in APIs.

OWASP Top 10 for LLM Applications

Top security risks in LLM-powered apps.

OWASP-M TOP 10

Top security risks in mobile applications.

OWASP MASVS

Standard for verifying mobile application security controls.

OWASP Top 10 Privacy Risks

Most critical privacy risks in applications.

OWASP SCP

Secure Coding Practices checklist from OWASP.

PA-DSS

Payment Application Data Security Standard for software vendors.

PCI DSS

Payment Card Industry Data Security Standard for cardholder data.

PDPA

Personal Data Protection Act used in Singapore.

PDPO

Personal Data (Privacy) Ordinance of Hong Kong.

POPIA

South Africa’s Protection of Personal Information Act.

PTES

Penetration Testing Execution Standard methodology.

Resolution SB 2021 2126

Mexican resolution on cybersecurity compliance (Fluid Attacks).

SANS 25

List of the 25 most dangerous software errors.

SIG Core

Core Standardized Information Gathering framework for security.

SIG Lite

Lightweight version of SIG for streamlined security assessments.

SOC2®

Framework for managing customer data securely in service providers.

SWIFT CSCF

Security controls framework for SWIFT financial messaging systems.

WASC

Web Application Security Consortium threat classification.

WASSEC

Web Application Security Scanner Evaluation Criteria.