CCWAPSS

The Common Criteria Web Application Security Scoring (CCWAPSS) is a scoring scale developed by security consultants to evaluate the security level of a web application regarding penetration tests and security assessments.

The main benefit of this scoring method is that it counters the Gaussian tendency (scores clustering around the middle of the scale) by using a restricted granularity that forces the auditor to give a clear-cut score (there is no medium choice).

The 11 scoring criteria

This scale is based on 11 documented scoring criteria; each one is described in the OWASP project:

$$\text{Score} = 10 - \sum \text{Risks} + \left( \frac{\sum \text{Excellents}}{\sum \text{Risks}} \right)$$

Each criterion corresponds to a section of the OWASP Guide 3.0.

1. Authentication
2. Authorization
3. User's Input Sanitization
4. Error Handling and Information leakage
5. Passwords/PIN Complexity
6. User's data confidentiality
7. Session mechanism
8. Patch management
9. Administration interfaces
10. Communication security
11. Third-Party services exposure
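The formula above applied to the 11 criteria, as an added example that is not part of the CCWAPSS project or the original article. It assumes each criterion receives one of three verdicts (risk, standard, excellent), that "Risks" and "Excellents" are counts of criteria with those verdicts, and that the bonus term is treated as 0 when there are no risks (the formula itself leaves that case undefined).

```python
"""CCWAPSS score calculator (added example; assumptions are marked)."""

# The 11 criteria named in the article.
CRITERIA = (
    "Authentication", "Authorization", "User's Input Sanitization",
    "Error Handling and Information leakage", "Passwords/PIN Complexity",
    "User's data confidentiality", "Session mechanism", "Patch management",
    "Administration interfaces", "Communication security",
    "Third-Party services exposure",
)
# Assumed per-criterion verdicts: the article only names "Risks" and
# "Excellents"; "standard" is assumed for a criterion that is neither.
VERDICTS = {"risk", "standard", "excellent"}


def ccwapss_score(ratings: dict) -> float:
    """Score = 10 - sum(Risks) + (sum(Excellents) / sum(Risks))."""
    missing = set(CRITERIA) - ratings.keys()
    unknown = ratings.keys() - set(CRITERIA)
    if missing or unknown:
        raise ValueError(f"rate exactly the 11 criteria; "
                         f"missing={missing} unknown={unknown}")
    bad = {c: v for c, v in ratings.items() if v not in VERDICTS}
    if bad:
        raise ValueError(f"verdict must be one of {sorted(VERDICTS)}: {bad}")
    risks = sum(v == "risk" for v in ratings.values())
    excellents = sum(v == "excellent" for v in ratings.values())
    # The bonus term divides by the number of risks; with no risks it is
    # undefined, so this example (an assumption) treats it as 0, which
    # yields the maximum score of 10.
    bonus = excellents / risks if risks else 0.0
    return 10 - risks + bonus


def sample_ratings() -> dict:
    """Constructed sample: two risks, three excellents, the rest standard."""
    r = {c: "standard" for c in CRITERIA}
    r["Authentication"] = "risk"
    r["Session mechanism"] = "risk"
    r["Authorization"] = "excellent"
    r["Patch management"] = "excellent"
    r["Communication security"] = "excellent"
    return r


if __name__ == "__main__":
    print(ccwapss_score(sample_ratings()))  # 10 - 2 + 3/2 = 9.5
```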

See also

* [http://ccwapss.blogspot.com/ The CCWAPSS blog]
* [http://www.owasp.org/index.php/OWASP_Guide_Project The OWASP Guide]


Wikimedia Foundation. 2010.