This standard proposes a general framework for application software security programming, and provides guidance on the application software programming process from the perspective of improving software security. This standard is applicable to the development of application software of client/server architecture. The development of application software of other architectures can also be used as a reference, and necessary security protection measures should be supplemented according to the characteristics of its application environment.