ISO/IEC 27034-6
ISO/IEC 27034-6:2016 — Information technology — Security techniques — Application security — Part 6: Case studies
(first edition)
Abstract
ISO/IEC 27034 part 6 “provides usage examples of ASCs for specific applications. NOTE Herein specified ASCs are provided for explanation purposes only and the audience is encouraged to create their own ASCs to assure the application security.”
[Source: ISO/IEC 27034-6:2016]
Introduction
Part 6 provides examples of how Application Security Controls (ASCs) might be developed and documented.
Scope
Part 6 concerns the handling of application security in the course of software development.
Structure
Main sections:
5: Security guidance for specific applications
Annex A: XML examples for case studies in 5.2
Status
The current first edition of part 6 was published in 2016 and confirmed unchanged in 2022.
Commentary
Case studies demonstrate the feasibility of this highly structured, formal approach that is being used successfully by some major software developers.
