CCWAPSS Methodology updated to v1.1

CCWAPSS (Common Criteria Web Application Security Scoring) is a comprehensive security scoring methodology dedicated to web application pentests.

This scale aims to share a common, open and documented evaluation
methodology between security auditors and their end customers.

This update clarifies the rating process when several flaws are
associated with the same criterion.

Key benefits of CCWAPSS:

  • Offering a solution to interpretation problems between different
    auditors by providing 11 clear and well-documented criteria.
  • Fighting against the "Gaussian" inclination (scores clustering in the
    middle of the scale) using a restricted granularity that forces the
    auditor to give a clear-cut score (there is no medium choice).
  • The maximum score (10/10) means "compliant with Best Practices".
    This score can be exceeded in case of excellence (like a medical
    vision evaluation such as 12/10).
  • Each criterion corresponds to a section of the OWASP Guide 3.0.

We also thank senior security consultant Frederic Charpentier (CCWAPSS author) for quoting us as contributors, among others.
