The security in the development of Software is has converted in a of the objectives essentials inside of scheme of cyber security of the different organizations to world level, the development of software in Colombia it in increase, for the accelerated growth in the use of the different types of digital devices, the trend actual of automation and the exchange of data; is want highlight the importance of guide or motivate the use and handling of instruments or practices that shielded the information, being responsible with the processes, defense and mitigation always in pro of the security of the information, with the support of all the components. The private company object of this investigation develops wed applications, that present services to different entity, in the process of execution of tests, the company no account with a component of test with approach in security. In the first part is address the characterization of the standards, models and schemes for tests of security of software of wed applications, between the which is highlights the model of software Assurance Maturity Model of software Assurance Maturity Model, ISO/IEC 25010 O, OWASP Open Web Application Security Project, MITRE ATT&CK® and ISO/IEC 27001, identifying the aspects more important to take in mind to perform test of security, in the second part, is makes the formulation of a guide of principles and good principles for tests of security of software in wed applications, from the standards, models and schemes characterized and finally, based on the guide proposal, is make the selection of a wed application, of the company subject of the investigation in tests phase, for the implementation of the proposal guide. Promoting the use of tools authorized, dynamics and statics between others for the evaluation of the quality of software in the component of security.