CCWAPSS Methodology updated to v1.1
CCWAPSS (Common Criteria Web Application Security Scoring ) is a comprehensive security scoring methodolody dedicated to web application pentests.
This scale aims to sharing a common, open and documented evaluation
methodology between security auditors and the end-customers.
This update clarifies the rating process when rating multiple flaws
associated to the same criteria.
Key benefits of CCWAPSS :
- Offering a solution to interpretation problems between different
auditors by providing clear and 11 well documented criteria.
- Fighting against the "gaussienne" inclination using a restricted
granularity that forces the auditor to clear-cut score (there is no
- The maximum score (10/10) means "compliant with Best Practices".
This score could be exceeded in case of excellence (like a medical
vision evaluation such as 12/10).
- Each criteria is relative to section of the OWASP Guide 3.0
We also do thank senior security consultant Frederic Charpentier (CCWAPSS author) for quoting us as contributors among others.