Are there any guidelines/publications for the standalone security assessment (or desktop applications)?