Date: Wed, 7 Nov 2007 21:42:15 +0100
From: Frederic Charpentier <fcharpen@...opartners.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Announcement : CCWAPSS methodology release 1.1

Greetings FD,

I'm pleased to announce the release of the latest version of the  
Common Criteria Web Application Security Scoring : CCWAPSS v1.1.

This update clarifies the rating process when rating multiple flaws
associated with the same criteria.

CCWAPSS
=========

CCWAPSS is a comprehensive security scoring methodology dedicated to
web application pentests.
This scale aims at sharing a common, open and documented evaluation  
methodology between security auditors and final customers.

Key benefits of CCWAPSS
=====================
- Offering a solution to interpretation problems between different
auditors by providing 11 clear and well-documented criteria.
- Fighting against the « gaussienne » inclination using a restricted
granularity that forces the auditor to give a clear-cut score (there is no
medium choice).
- The maximum score (10/10) means “compliant with Best Practices”.
This score could be exceeded in case of excellence (like a medical
vision evaluation such as 12/10).
- Each criterion relates to a section of the OWASP Guide 3.0.

The CCWAPSS v1.1 whitepaper is available in PDF format at http://ccwapss.blogspot.com/.

Comments and suggestions are always welcome.

Regards, Fred.

