Standards / Best Practices
... > Vulnerability Assessment / Penetration Testing (VAPT) > Pentest Standards / Best Practices
Standards / Best Practices
At Secura, we strive to make security more tangible, understandable and measurable. That is why we use international norms and standards as much as possible.
This allows you to know and compare the level of security that a system has, and provides assurance on the depth and width of testing. Secura works with multiple organizations such as OWASP and Cyberveilig Nederland to bring the adoption of such standards and frameworks to a higher level.
Secura follows a phased approach for its assessments and applies guidelines and standards that are common within your sector for carrying out (application, infrastructure or other) assessments. These depend on the purpose, the environment to be assessed (architecture, platform, application, etcetera.), sector requirements or regulations per country.
Some examples of the standards we use:
- Application Security Validation Standard (ASVS) for (web) applications;
- Relevant OWASP publications such as the Top 10 and the ASVS, supported by the OWASP Application Security Testing Guide;
- SANS-top 25: the most common and most dangerous errors when making software;
- CIS-baselines for infrastructure and configuration assessments;
- Relevant NIST guidelines on e.g. password and key management;
- NCSC ICT security guidelines for web applications and the ICT security guidelines for Transport Layer Security (TLS);
- Baseline Information Security Government (BIO);
- The OWASP Testing Guide versions 3 and 4 with the OWASP Web Service Security Cheat Sheet, where relevant;
- M-ASVS for mobile applications (Mobile ASVS);
- Logius standards for DigiD assessments;
- STRIDE methodology in Threat Modelling;
- OWASP Mobile Top 10;
- Up-to-date information from (software) suppliers such as Google, Apple, Amazon, Microsoft, et cetera.
I'd like to know more about Standards / Best Practices
Why choose Secura | Bureau Veritas
At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.
Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.