This section describes the controls applicable to web application development and builds on the ‘Software development fundamentals’ section of these guidelines.
Further information on web application security can be found in the OWASP Application Security Verification Standard 5.0.0 and OWASP Top 10 Proactive Controls 2024 publications.
Further information on web application security risks can be found in the OWASP Top 10 2021 publication.
Further information on implementing HTTPS can be found in ASD’s Implementing certificates, TLS, HTTPS and opportunistic TLS publication.
Further information on using TLS in HTTPS can be found in the ‘Transport Layer Security’ section of the Guidelines for cryptography.
Further information on web API security can be found in the OWASP API Security Top 10 2023 publication.
13 controls