[VIM] CCWAPSS : a Comprehensive security scoring method for web applications (fwd)
security curmudgeon
jericho at attrition.org
Fri Aug 24 19:44:25 UTC 2007
---------- Forwarded message ----------
From: Frederic Charpentier <fcharpen at xmcopartners.com>
Resent-From: pen-test-return-1078484963 at securityfocus.com
To: pen-test at securityfocus.com
Date: Fri, 24 Aug 2007 15:47:53 +0200
Subject: CCWAPSS : a Comprehensive security scoring method for web applications
Hi,
We are pleased to release our first public release of the Common Criteria Web
Application Security Scoring (CCWAPSS).
This scale does not aim at replacing other evaluation standards but suggests a
simple way of evaluating the security level of a web application.
Key benefits of CCWAPSS:
- Fighting against the "Gaussian" inclination by using a restricted
granularity that forces the auditor to give a clear-cut score (there is no medium
choice).
- Offering a solution to interpretation problems between different auditors by
providing 11 clear and well-documented criteria.
- The maximum score (10/10) means “compliant with Best Practices”. This score
could be exceeded in case of excellence (like a medical vision evaluation such
as 12/10).
- Each criterion is relative to a section of the OWASP Guide 3.0.
The CCWAPSS whitepaper is available in PDF format at
http://ccwapss.blogspot.com/.
Contributions are welcome!
Regards, Fred.