
CCWAPSS: Pentest and score the security level of a web app



CCWAPSS: A new blog about a comprehensive security scoring method for web applications:

The purpose of the scoring scale CCWAPSS is to share a common evaluation method for web application security assessments/pentests between security auditors and final customers.

This scale does not aim at replacing other evaluation standards but suggests a simple way of evaluating the security level of a web application.

CCWAPSS is focused on rating the security level of a distinct web application, web service or e-business platform. CCWAPSS does not aim at scoring a whole heterogeneous perimeter.

Key benefits of CCWAPSS scoring:
  • Fighting the "Gaussian" inclination (the tendency to cluster scores around the middle) by using a restricted granularity that forces the auditor to give a clear-cut score (there is no medium choice).
  • Offering a solution to interpretation problems between different auditors by providing clear and well documented criteria.
  • The maximum score (10/10) means “compliant with Best Practices”. This score could be exceeded in case of excellence (like a medical vision evaluation such as 12/10).
Download the CCWAPSS release 1.0 Whitepaper.
