ARTICLE

Focus on CCWAPSS Web Application Scoring Scale Version 1.0

Sunday 7 October 2007

A friend of mine, Frederic Charpentier (senior security consultant), has developed a good new web application scoring scale called CCWAPSS. CCWAPSS stands for Common Criteria Web Application Security, and it aims to provide a common evaluation method for web application security assessments and pentests, shared between security auditors and end customers.

Key benefits of the CCWAPSS framework:

- Fighting the "Gaussian" inclination by using a restricted granularity that forces the auditor to give a clear-cut score (there is no medium choice).

- Offering a solution to interpretation problems between different auditors by providing clear and well-documented criteria.

- The maximum score (10/10) means “compliant with Best Practices”. This score can be exceeded in cases of excellence (as in a medical eyesight test, where a result such as 12/10 is possible).

- Each criterion relates to a section of the OWASP Guide 3.0.


POSTSCRIPTUM

Download Version 1.0 of CCWAPSS


RELATED ARTICLES


8 November 2007 : CCWAPSS Methodology updated to v1.1