Announcement : CCWAPSS methodology release 1.1

From: Frederic Charpentier (fcharpen@xmcopartners.com)
Date: Wed Nov 07 2007 - 15:50:16 EST


Greetings,

I'm pleased to announce the release of the latest version of the
Common Criteria Web Application Security Scoring : CCWAPSS v1.1.

This update clarifies the rating process when rating multiple flaws
associated with the same criteria.

CCWAPSS
=========

CCWAPSS is a comprehensive security scoring methodology dedicated to
web application pentests.
This scale aims at sharing a common, open and documented evaluation
methodology between security auditors and final customers.

Key benefits of CCWAPSS
=====================
- Offering a solution to interpretation problems between different
auditors by providing 11 clear and well-documented criteria.
- Fighting against the "gaussienne" inclination using a restricted
granularity that forces the auditor to give a clear-cut score (there is no
medium choice).
- The maximum score (10/10) means "compliant with Best Practices".
This score could be exceeded in case of excellence (like a medical
vision evaluation such as 12/10).
- Each criterion relates to a section of the OWASP Guide 3.0.

The CCWAPSS v1.1 whitepaper is available in PDF format at http://ccwapss.blogspot.com/.

Comments and suggestions are always welcome.

Regards, Fred.
