CCWAPSS Methodology updated to v1.1

Thursday 8 November 2007

CCWAPSS (Common Criteria Web Application Security Scoring) is a comprehensive security scoring methodology dedicated to web application pentests.

This scale aims to share a common, open and documented evaluation methodology between security auditors and end customers.


This update clarifies the rating process when multiple flaws are associated with the same criterion.

Key benefits of CCWAPSS:

- Offering a solution to interpretation problems between different auditors by providing 11 clear and well-documented criteria.
- Fighting the "Gaussian" inclination by using a restricted granularity that forces the auditor to give a clear-cut score (there is no middle choice).
- The maximum score (10/10) means "compliant with Best Practices". This score can be exceeded in cases of excellence (as in a medical vision evaluation, where a result such as 12/10 is possible).
- Each criterion relates to a section of the OWASP Guide 3.0.

We also thank senior security consultant Frederic Charpentier (CCWAPSS author) for quoting us as contributors, among others.

