1. Purpose
2. Context
1.1 Background
3. Scope
1.2 Scope Inclusions
1.3 Scope Exclusions
4. Terms, Abbreviations and Conventions
1.4 Terms and Abbreviations
1.5 Conventions
5. Standards
5.1 Requirements Analysis
5.2 Design
5.3 Development
5.4 Outsourced Development
5.5 Testing
5.6 Implementation
5.7 Hosting
5.8 Operations and Maintenance
5.9 Protection of Source Code
6. Implementation
1.6 Implementation Considerations
1.7 Exemptions
1.8 Responsibilities
7. References & Links
1. Appendix A – Web Application Coding Checklist
1.9 Input Validation
1.10 Output Validation
1.11 Authentication and Identity Management
1.12 Access Controls
1.13 Cookies & Session Management
1.14 File Management
1.15 Logging and Auditing
1.16 Error Handling
Security requirements must be considered at all stages of web development and procurement to ensure that effective security outcomes are achieved, leading to an overall reduction in risk to agencies.