Penetration Testing mailing list archives

CCWAPSS : a Comprehensive security scoring method for web applications


From: Frederic Charpentier <fcharpen () xmcopartners com>
Date: Fri, 24 Aug 2007 15:47:53 +0200

Hi,

We are pleased to release our first public release of the Common Criteria Web Application Security Scoring (CCWAPSS).

This scale does not aim at replacing other evaluation standards but suggests a simple way of evaluating the security level of a web application.

Key benefits of CCWAPSS:

- Fighting against the « gaussienne » inclination using a restricted granularity that forces the auditor to give a clear-cut score (there is no medium choice).
- Offering a solution to interpretation problems between different auditors by providing 11 clear and well documented criteria.
- The maximum score (10/10) means “compliant with Best Practices”. This score could be exceeded in case of excellence (like a medical vision evaluation such as 12/10).
- Each criterion is relative to a section of the OWASP Guide 3.0.

The CCWAPSS whitepaper is available in PDF format at http://ccwapss.blogspot.com/.

Contributions are welcome!

Regards, Fred.



