[VIM] CCWAPSS : a Comprehensive security scoring method for web applications (fwd)

security curmudgeon jericho at attrition.org
Fri Aug 24 19:44:25 UTC 2007

---------- Forwarded message ----------
From: Frederic Charpentier <fcharpen at xmcopartners.com>
Resent-From: pen-test-return-1078484963 at securityfocus.com
To: pen-test at securityfocus.com
Date: Fri, 24 Aug 2007 15:47:53 +0200
Subject: CCWAPSS : a Comprehensive security scoring method for web applications


We are pleased to release our first public release of the Common Criteria Web 
Application Security Scoring (CCWAPSS).

This scale does not aim at replacing other evaluation standards but suggests a 
simple way of evaluating the security level of a web application.

Key benefits of CCWAPSS:

- Fighting against the "Gaussian" inclination using a restricted 
granularity that forces the auditor to give a clear-cut score (there is no medium 
- Offering a solution to interpretation problems between different auditors by 
providing 11 clear and well-documented criteria.
- The maximum score (10/10) means “compliant with Best Practices”. This score 
could be exceeded in case of excellence (like a medical vision evaluation such 
as 12/10).
- Each criterion is related to a section of the OWASP Guide 3.0.

The CCWAPSS whitepaper is available in PDF format at 

Contributions are welcome!

Regards, Fred.
