OWASP ASVS

The OWASP Application Security Verification Standard is the international open standard that catalogues the security controls a web application must demonstrate to be considered trustworthy. ASVS organises requirements across 14 control families and 3 verification levels, and is maintained as a public good by the OWASP Foundation. Guardian SecureApp™ Modules A and B are anchored in ASVS — this page explains what it is, how it works, and how Guardian uses it in ISO/IEC 17065-accredited certification.

OWASP Top 10 Explained

The OWASP Top 10 is the most widely recognised application security awareness document in the world — a periodically refreshed list of the ten most critical risks to web applications, derived from telemetry across many organisations and validated by community review. The Top 10 is published by the OWASP Foundation as a public good. Guardian SecureApp™ uses the Top 10 as the prioritisation lens applied across our ASVS-anchored evaluation: it tells us which findings to take most seriously and where to focus remediation effort first.

OWASP API Security

The OWASP API Security Top 10 is the API-specific risk framework — published by the OWASP Foundation as a public good, addressing the threat profile distinct to APIs that the general OWASP Top 10 does not cover well. The current 2023 edition catalogues ten categories from API1 (Broken Object Level Authorization) to API10 (Unsafe Consumption of APIs). Within Guardian SecureApp™, the API Security Top 10 is the principal technical normative document for Module C — the basis of evaluation for products certifying API surfaces, partner integrations, and microservice platforms.

ISO/IEC 17065 Explained

ISO/IEC 17065:2012 is the international standard that defines the requirements for organisations that certify products, processes and services. It is the procedural framework that turns a technical evaluation into a procurement-grade attestation — covering impartiality, confidentiality, structural independence, certification decision-making, surveillance, and the public verifiability that makes accredited certification meaningfully different from self-declaration. Guardian Assessment Pvt. Ltd. is accredited under ISO/IEC 17065 by United Accreditation Foundation (UAF) — accreditation number 52605385601, valid until 05 May 2030.

Tentative Starting Fees for Small Organizations

Transparency is a market expectation. The figures below apply to small organizations certifying a single, low-complexity product.

Fees are indicative starting points, exclusive of applicable taxes, and are payable regardless of certification outcome. Final fees depend on scope, technology stack, modules, level and complexity. Fees do not influence the certification decision (ISO/IEC 17065 Clause 4.2 — impartiality requirement).

Built on Globally Recognized Standards — Audited by an Accredited Process

This dual-layer architecture is what makes a Guardian SecureApp™ certificate procurement-grade. The technical content is recognisable to anyone in the field; the procedural integrity is recognisable to anyone reading an accreditation register.
