Standards / Best Practices


At Secura, we strive to make security more tangible, understandable and measurable. That is why we use international norms and standards as much as possible.

This allows you to know and compare the level of security that a system has, and provides assurance on the depth and width of testing. Secura works with multiple organizations such as OWASP and Cyberveilig Nederland to bring the adoption of such standards and frameworks to a higher level.

Secura follows a phased approach for its assessments and applies the guidelines and standards that are common within your sector for carrying out (application, infrastructure or other) assessments. Which ones apply depends on the purpose of the assessment, the environment to be assessed (architecture, platform, application, etc.), sector requirements and the regulations of each country.

Some examples of the standards we use:

  • Application Security Validation Standard (ASVS) for (web) applications;
  • Relevant OWASP publications such as the Top 10 and the ASVS, supported by the OWASP Application Security Testing Guide;
  • SANS Top 25: the most common and most dangerous software errors;
  • CIS baselines for infrastructure and configuration assessments;
  • Relevant NIST guidelines on e.g. password and key management;
  • NCSC ICT security guidelines for web applications and the ICT security guidelines for Transport Layer Security (TLS);
  • Baseline Information Security Government (BIO);
  • The OWASP Testing Guide versions 3 and 4 with the OWASP Web Service Security Cheat Sheet, where relevant;
  • M-ASVS for mobile applications (Mobile ASVS);
  • Logius standards for DigiD assessments;
  • STRIDE methodology in Threat Modelling;
  • OWASP Mobile Top 10;
  • Up-to-date information from (software) suppliers such as Google, Apple, Amazon, Microsoft, et cetera.


Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80,000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.