The closest things we get to standards are automated vulnerability checkers. I'm currently dealing with one of these vulnerability scanners which claims our code base has some XSS vulnerabilities, which I know is wrong because the app isn't a web app. SMH