CCWAPSS

The Common Criteria Web Application Security Scoring (CCWAPSS) is a scoring scale developed by security consultants to evaluate the security level of a web application regarding penetration tests and security assessments.

The main benefit of this scoring method is to fight against the « gaussienne » inclination using a restricted granularity that forces the auditor to clear-cut score (there is no medium choice).

The 11 scoring criteria

This scale is based on 11 documented scoring criteria; each one is described in the OWAPS project :

$Score\; =\; 10\; -\; sum\_\{\}\; Risks\; +\; (\; sum\_\{\}\; Excellents\; /\; sum\_\{\}\; Risks\; )$

Each criterion is relative to a section of the OWASP Guide 3.0.

1 - Authentication

2 - Authorization

3 - User’s Input Sanitization

4 - Error Handling and Information leakage

5 - Passwords/PIN Complexity

6 - User’s data confidentiality

7 - Session mechanism

8 - Patch management

9 - Administration interfaces

10 - Communication security

11 - Third-Party services exposure

ee also

* [http://ccwapss.blogspot.com/ The CCWAPSS blog]
* [http://www.owasp.org/index.php/OWASP_Guide_Project The OWASP Guide]