CCWAPSS: a Comprehensive security scoring method for web applications

From: Frederic Charpentier (fcharpen@xmcopartners.com)
Date: Fri Aug 24 2007 - 09:47:53 EDT


Hi,

We are pleased to release our first public release of the Common
Criteria Web Application Security Scoring (CCWAPSS).

This scale does not aim at replacing other evaluation standards but
suggests a simple way of evaluating the security level of a web
application.

Key benefits of CCWAPSS:

- Fighting against the "Gaussian" inclination by using a restricted
granularity that forces the auditor to give a clear-cut score (there is
no medium choice).
- Offering a solution to interpretation problems between different
auditors by providing 11 clear and well-documented criteria.
- The maximum score (10/10) means "compliant with Best Practices".
This score could be exceeded in case of excellence (like a medical
vision evaluation such as 12/10).
- Each criterion relates to a section of the OWASP Guide 3.0.

The CCWAPSS whitepaper is available in PDF format at
http://ccwapss.blogspot.com/.

Contributions are welcome!

Regards, Fred.




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:03 EDT