The ICT Security Guidelines for Web Applications of the National Cyber Security Center (NCSC) provide guidance for the more secure development, management and provision of Web applications and associated infrastructure. The Security Guidelines are broadly applicable to ICT solutions that use Web applications. As a result, they can be used by both customers and service providers for contracting and outsourcing, monitoring and mutual agreements.
The revised Security Guidelines were developed partly on the basis of best practices from the NCSC in collaboration with UWV and Inspearit. In addition, representatives from various target groups were involved in the assessment of this revision.
The 'Guidelines' document contains an outline description of the security guidelines. The 'In-depth' document elaborates and details the measures with proposals for design, management and development.
The Instructions for Users version 2012 contains frequently asked questions for those already using the Security Guidelines to transition to version 2015.
Version 2012 is still available for download if this version is still required. The NCSC recommends switching to version 2015.
source: NCSC
ICT Security guidelines for Web applications - guidelines
ICT Security Guidelines for Web Applications - floor
Guidelines for users version 2012
ICT Security Guidelines for Web Applications - Old version 2012
