[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] CCWAPSS : a Comprehensive security scoring method

From: Frederic Charpentier <fcharpen@xxxxxxxxxxxxxxxx>
Subject: [WEB SECURITY] CCWAPSS : a Comprehensive security scoring method
Date: Fri, 24 Aug 2007 15:05:55 +0200

--Apple-Mail-5--799842062
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=WINDOWS-1252;
	delsp=yes;
	format=flowed

We are pleased to release our first public release of the Common =20
Criteria Web Application Security Scoring (CCWAPSS).

This scale does not aim at replacing other evaluation standards but =20
suggests a simple way of evaluating the security level of a web =20
application.

Key benefits of CCWAPSS  :

- Fighting against the =AB gaussienne =BB inclination using a restricted =
=20
granularity that forces the auditor to clear-cut score (there is no =20
medium choice).
- Offering a solution to interpretation problems between different =20
auditors by providing clear and 11 well documented criteria.
- The maximum score (10/10) means =93compliant with Best Practices=94. =20=

This score could be exceeded in case of excellence (like a medical =20
vision evaluation such as 12/10).
- Each criteria is relative to section of the OWASP Guide 3.0.

The CCWAPSS whitepaper is available in PDF format at http://=20
ccwapss.blogspot.com/.

Contributions are welcome !

Regards, Fred.




--Apple-Mail-5--799842062
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=WINDOWS-1252

<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><DIV>We are pleased to release =
our first public release of the Common Criteria Web Application Security =
Scoring (CCWAPSS).</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>This scale does not aim at =
replacing other evaluation standards but suggests a simple way of =
evaluating the security level of a web application.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Key benefits of CCWAPSS=A0 =
:</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV>- Fighting =
against the =AB gaussienne =BB inclination using a restricted =
granularity that forces the auditor to clear-cut score (there is no =
medium choice).</DIV><DIV>- Offering a solution to interpretation =
problems between different auditors by providing clear and 11 well =
documented criteria.</DIV><DIV>- The maximum score (10/10) means =
=93compliant with Best Practices=94. This score could be exceeded in =
case of excellence (like a medical vision evaluation such as =
12/10).</DIV><DIV>- Each criteria is relative to section of the OWASP =
Guide 3.0.</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV>The =
CCWAPSS whitepaper is available in PDF format at <A =
href=3D"http://ccwapss.blogspot.com";>http://ccwapss.blogspot.com</A>/.</DI=
V><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV>Contributions=A0ar=
e welcome !</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Regards, =
Fred.</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><BR></BODY></HTML>=

--Apple-Mail-5--799842062--

References:
- [WEB SECURITY] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.
  - From: Ezequiel Gutesman
- Re: [WEB SECURITY] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.
  - From: Ezequiel Gutesman

Prev by Date: Re: [WEB SECURITY] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.
Next by Date: [WEB SECURITY] Firefox CSS flaws
Previous by thread: Re: [WEB SECURITY] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.
Next by thread: [WEB SECURITY] Firefox CSS flaws
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site