The purpose of the CCWAPSS scoring scale is to give security auditors and their customers a common method for evaluating the results of web application security assessments and pentests.
The scale does not aim to replace other evaluation standards; it proposes a simple way of rating the security level of a web application.
CCWAPSS is focused on rating a single, well-defined target: one web application, web service or e-business platform. It is not designed to score a whole heterogeneous perimeter made up of many different systems.
Key benefits of CCWAPSS
- It counters the tendency to use a coarse grading scale that forces the auditor into a clear-cut pass/fail verdict with no intermediate choice.
- It reduces interpretation differences between auditors by providing 11 clear, well-documented criteria.
- The maximum score (10/10) means "compliant with Best Practices". This score can be exceeded in cases of excellence, in the same way that a vision test can report 12/10.
- Each criterion maps to a section of the OWASP Guide 3.0.
The 11 scoring criteria
3. User’s Input Sanitization
4. Error Handling and Information leakage
5. Passwords/PIN Complexity
6. User’s data confidentiality
7. Session mechanism
8. Patch management
9. Administration interfaces
10. Communication security
11. Third-Party services exposure