Security in web applications
Answer: For the security of web applications, I'd suggest you take a look at ISO 15408 at the ISO site: https://www.iso.org/standard/50341.html This standard is an international reference for computer security certification.
2 - What is the main difference between 27001, 27002, 27003, 27004? I'm trying to read them, but I feel there is a lot of similarity and no difference to choose the right one of them.
Answer: ISO 27001 covers the requirements for the establishment, implementation, maintenance and continual improvement of an Information Security Management System. ISO 27002 provides details and recommendations for the implementation of the controls described in the Annex A of ISO 27001.
ISO 27003 provides details and recommendations for the implementation of the requirements of ISO 27001. And ISO 27004 provides specific guidance for monitoring, measurement, analysis and evaluation of an ISMS.
In short, ISO 27001 defines what must be done, and ISO 27002, 27003 and 27004 provide recommendations about how to do what is required.
This article will provide you with further explanation about ISO standards:
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
These materials will also help you regarding ISO standards:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Thank you for your reply,
Is 27001 combined with 27002 a good idea to secure a web application also? Because I mean there are some points in 27001 that we probably don't need, or if I want to write a security policy for a web application, because I didn't get a lot of information about 15408 and how it works.
What do you think about PCI? I'm just trying to get the best norm and explain why. Thanks for your help.
Jun 28, 2017