We at Secodis have developed extensive practical know-how in this field, especially for the Java stack and for various Web frameworks. If you need sound requirements or guidelines we do not start in a “green-field” but can use our existing security guidelines as a comprehensive foundation for your customization. This approach is not only cost effective but ensures a high quality of your requirements as well.
Since many customers prefer to build their guidelines within Atlassian Confluence, we now provide our guidelines and threat catalog as an export for Atlassian Confluence as well. Integration into SharePoint (via SharePoint Connector) is possible as well.
A teaser of the guidelines can be found here.