05:05:14 - 19.12.2018

Applications Certification

Organisations need to practise due care in the operation of their internet, intranet and extranet websites, web applications, and the applications and systems behind them, both to prevent security breaches and to have controls in place that limit the impact when a breach does occur. Failure to practise such due care is negligence and increases business risk.

Security certification is a required step before an application can be accredited. The information and evidence needed for accreditation are gathered through a detailed security review of the administrative, technical and operational controls of the system, which assesses whether the controls in place operate as intended and meet the defined security requirements. Such a review requires that a security specification exists and that adequate data and access are available to assess the system against it.

Information Security must be Appropriate, Affordable and Acceptable

International security standards (ISO)

  • BS EN ISO/IEC 17025:2005 - General requirements for the competence of testing and calibration laboratories. ISO/IEC 17025 is a standard published jointly by ISO and IEC and was formerly known as ISO/IEC Guide 25. It covers calibration, testing and sampling laboratories, including digital forensics laboratories.
  • BS ISO/IEC 27001:2013 (formerly BS 7799-2:2005) - Information security management systems. Specification for an information security management system (ISMS) and the basis for third-party audit and certification.
  • BS ISO/IEC 27002:2013 (formerly BS 7799-1:2005 and BS ISO/IEC 17799:2005) - Code of practice for information security management. Guidelines and general principles for initiating, implementing, maintaining and improving information security management in an organisation.
  • BS ISO/IEC 27034-1:2011 - Application security - Part 1: Overview and concepts. Covers building application security into the development life cycle.

Blue Lab Certified Application

Blue Lab Consulting provides security certification for web-based applications. The scope covers the hosted application infrastructure as well as the application implementation itself.
For software companies, application service providers and online merchants, the "Blue Lab Certified" testing process offers a competitive advantage: it gives your clients and stakeholders assurance that your application and its infrastructure have been thoroughly tested by independent third-party experts.

Application security certification - standards and frameworks applied:

  • OWASP – Open Web Application Security Project, an open community dedicated to enabling organisations to conceive, develop, acquire, operate and maintain applications that can be trusted.
  • CWE™ – Common Weakness Enumeration, a community-developed list of software weakness types. It provides a unified, measurable set of software weaknesses that enables more effective discussion, description, selection and use of software security tools and services that can find these weaknesses in source code and in operational systems, as well as a better understanding and management of weaknesses in architecture and design.
  • CIS – Center for Internet Security, an organisation focused on enhancing the cybersecurity readiness and response of public and private sector entities, with a commitment to excellence through collaboration.
  • NIST – The National Institute of Standards and Technology, which promotes innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve quality of life.
  • ISO/IEC 27001:2013 – Information Security Management System (ISMS) standard from the International Organization for Standardization (ISO), which formally specifies a management system intended to bring information security under explicit management control. Application Security in the ISO27001 Environment describes how to secure software applications using ISO/IEC 27001, in the context of a wider rollout of an information security management system (ISMS) that conforms to ISO/IEC 27001.