Penetration Testing mailing list archives
Announcement : CCWAPSS methodology release 1.1
From: Frederic Charpentier <fcharpen () xmcopartners com>
Date: Wed, 7 Nov 2007 21:50:16 +0100
Greetings,

I'm pleased to announce the release of the latest version of the Common Criteria Web Application Security Scoring : CCWAPSS v1.1.
This update clarifies the rating process when rating multiple flaws associated to the same criteria.

CCWAPSS
=========
CCWAPSS is a comprehensive security scoring methodology dedicated to web application pentests. This scale aims at sharing a common, open and documented evaluation methodology between security auditors and final customers.

Key benefits of CCWAPSS
=====================
- Offering a solution to interpretation problems between different auditors by providing 11 clear and well documented criteria.
- Fighting against the "gaussienne" inclination using a restricted granularity that forces the auditor to give a clear-cut score (there is no medium choice).
- The maximum score (10/10) means "compliant with Best Practices". This score could be exceeded in case of excellence (like a medical vision evaluation such as 12/10).
- Each criterion is relative to a section of the OWASP Guide 3.0.

The CCWAPSS v1.1 whitepaper is available in PDF format at http://ccwapss.blogspot.com/ .

Comments and suggestions are always welcome.

Regards,
Fred.