CCWAPSS: Pentest and score the security level of a web app

The purpose of the CCWAPSS scoring scale is to give security auditors and their customers a common evaluation method for web application security assessments and pentests.

This scale does not aim to replace other evaluation standards; it suggests a simple way of evaluating the security level of a web application.

CCWAPSS is focused on rating the security level of a single web application, web service or e-business platform. It does not aim at scoring a whole heterogeneous perimeter.

11 comments:

Creator said…

Hello,
We wish to use your scoring system in our pentests.
I think you should provide downloadable GIFs/PNGs of the scoring icons instead of letting us cut and paste from the PDF.

Good starting point, however. We'll give you feedback on your methodology after some pentests.

Bye!

Stefano Coletta said…

The formula:

Score = 10 - Σ Risks + ( Σ Excellents / Σ Risks )

is wrong because if you have Risks = 0 and Excellents = 1 you get 1/0, which is an impossible division.

I think you should put a condition, Risks > 0, in the overall formula.

N. said…

By nature, Risk is NEVER 0.
When you perform a security assessment, you never say that an application / environment / vulnerability is at no risk. You say that the risk is low / moderate / high. Afterwards, it's up to you to accept or reject the risk.
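
The formula quoted in Stefano Coletta's comment and the Risks = 0 edge case debated in the two comments above, as an added Python example (not part of the original post or of CCWAPSS itself; the formula is taken exactly as quoted in the comment, and the sample risk and excellence point values are constructed for illustration). The naive version reproduces the division-by-zero failure; the guarded version makes the `Risks > 0` precondition explicit and refuses to invent a value for the undefined case.

```python
"""Worked example of the CCWAPSS score formula as quoted in the comment thread.

Added illustration, not code from the CCWAPSS authors. The formula is taken
as quoted: Score = 10 - sum(Risks) + sum(Excellents) / sum(Risks).
"""
from fractions import Fraction
from typing import Iterable, Optional


def _total(points: Iterable[int]) -> Fraction:
    # Exact rational arithmetic so the expected values below are unambiguous.
    return sum((Fraction(p) for p in points), Fraction(0))


def naive_score(risks: Iterable[int], excellents: Iterable[int]) -> Fraction:
    """The formula exactly as quoted, with no precondition.

    Raises ZeroDivisionError when no risk points were scored at all, which is
    the flaw pointed out in the comment (Risks = 0, Excellents = 1 -> 1/0).
    """
    r = _total(risks)
    e = _total(excellents)
    return 10 - r + e / r


def guarded_score(risks: Iterable[int], excellents: Iterable[int]) -> Optional[Fraction]:
    """Same formula with the precondition 'sum(Risks) > 0' made explicit.

    When the risk total is 0 the ratio is undefined, and the page does not say
    what the score should be in that case (one commenter argues it never
    occurs), so we return None rather than inventing a value. This is an
    assumption of the example, not a rule from CCWAPSS.
    """
    r = _total(risks)
    e = _total(excellents)
    if r == 0:
        return None
    return 10 - r + e / r


# Constructed sample: per-criterion risk points and excellence points from a
# hypothetical assessment. The criteria names and weights are made up.
SAMPLE_RISKS = {"authentication": 1, "input validation": 2}
SAMPLE_EXCELLENTS = {"transport security": 1}


def sample_score() -> Fraction:
    """Score of the constructed sample: 10 - 3 + 1/3 = 22/3."""
    result = guarded_score(SAMPLE_RISKS.values(), SAMPLE_EXCELLENTS.values())
    assert result is not None  # the sample has risk points, so this holds
    return result


if __name__ == "__main__":
    print("sample score:", float(sample_score()))
    try:
        naive_score([], [1])
    except ZeroDivisionError:
        print("naive formula fails when Risks = 0, as the comment says")
    print("guarded score with Risks = 0:", guarded_score([], [1]))
```

The `Fraction` type is used only to keep the expected value exact; a real report would round to one decimal place.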


Sylvain Maret said…

Thanks for this good job. It gives me a good way to explain risk to my customers.

Great Job

Sylvain

Anonymous said…

It was certainly interesting for me to read the article. Thanks for it. I like such themes and everything connected to them. I would like to read a bit more on that blog soon.


Anonymous said…

This comment has been removed by a blog administrator.

Anonymous said…

This comment has been removed by a blog administrator.