
GUARDIAN SECUREAPP™ CERTIFICATION SCHEME
Secure app
ISO/IEC 17065 accreditation and provide independent cybersecurity certification for web applications, SaaS and multi-tenant platforms, as well as APIs and microservices. Everything is evaluated based on the OWASP ASVS, OWASP Top 10, and OWASP API Security Top 10, across three different levels of assurance. This is all delivered by Guardian Assessment Pvt. Ltd. and backed by UAF accreditation.

Module A — Web Application Security Certification
WEB APPLICATION SECURITY
SO/IEC 17065-accredited third-party certification for web applications things like single-page apps, server-rendered applications, customer portals, and internal business tools. The whole evaluation runs against the OWASP Application Security Verification Standard (ASVS) plus the OWASP Top 10. And we have three assurance levels so the testing depth actually lines up with how risky your product really is.

Module B
SAAS Security
ISO/IEC 17065-accredited third-party certification for multi-tenant SaaS platforms. These are the platforms where several different customer organisations share one single application instance. And tenant isolation is exactly the big assurance question that buyers are always asking about. Module B takes the OWASP ASVS evaluation from Module A and goes further. It adds targeted tenant-aware testing on identity federation, data segregation, key management, audit log integrity, subscription lifecycle, and platform operations.

Module C
API Security
ISO/IEC 17065-accredited third-party certification for APIs and microservices, covering REST, GraphQL, gRPC, event-driven architectures, and other machine-to-machine interfaces. The assessment is based on the OWASP API Security Top 10 and is available in three assurance levels, so the depth of testing can match your API’s risk profile while supporting your customers’ due-diligence requirements.
Indicative Pricing
Tentative Starting Fees for Small Organizations
Transparency is a market expectation. The figures below apply to small organizations certifying a single, low-complexity product.
Level 1
Basic
$2,000
onwards
USD, excl. taxes
Internal tools, low-risk public sites, content-driven portals
Level 2
Advanced
$4,000
onwards
USD, excl. taxes
Customer-facing apps with PII or payment processing
Level 3
High-Risk / Critical
$7,000
onwards
USD, excl. taxes
Banking, healthcare, critical infrastructure applications
Fees are indicative starting points, exclusive of applicable taxes, and are payable regardless of certification outcome. Final fees depend on scope, technology stack, modules, level and complexity. Fees do not influence the certification decision (ISO/IEC 17065 Clause 4.2 — impartiality requirement).
Standards & Frameworks
Built on Globally Recognized Standards — Audited by an Accredited Process
A certification is only as credible as the standards behind it. Guardian SecureApp™ is built on two layers — a technical layer (what is evaluated) and a procedural layer (how the certification is issued).
This dual-layer architecture is what makes a Guardian SecureApp™ certificate procurement-grade. The technical content is recognisable to anyone in the field; the procedural integrity is recognisable to anyone reading an accreditation register.

OWASP ASVS
Application Security Verification Standard – the international benchmark

OWASP Top 10
The most critical web application security risks

OWASP API Top 10
Prioritised framework for API-specific risks

ISO/IEC 17065
