[Full-disclosure] Announcement : CCWAPSS methodology release 1.1
Frederic Charpentier
fcharpen at xmcopartners.com
Wed Nov 7 20:42:15 GMT 2007
Greetings FD,
I'm pleased to announce the release of the latest version of the
Common Criteria Web Application Security Scoring : CCWAPSS v1.1.
This update clarifies the rating process when rating multiple flaws
associated with the same criteria.
CCWAPSS
=========
CCWAPSS is a comprehensive security scoring methodology dedicated to
web application pentests.
This scale aims at sharing a common, open and documented evaluation
methodology between security auditors and final customers.
Key benefits of CCWAPSS
=====================
- Offering a solution to interpretation problems between different
auditors by providing 11 clear and well-documented criteria.
- Fighting against the "Gaussian" inclination using a restricted
granularity that forces the auditor to give a clear-cut score (there is no
medium choice).
- The maximum score (10/10) means “compliant with Best Practices”.
This score could be exceeded in case of excellence (like a medical
vision evaluation such as 12/10).
- Each criterion is relative to a section of the OWASP Guide 3.0.
The CCWAPSS v1.1 whitepaper is available in PDF format at http://ccwapss.blogspot.com/.
Comments and suggestions are always welcome.
Regards, Fred.