CCWAPSS: Pentest and score the security level of web apps

The purpose of the scoring scale CCWAPSS is to share a common evaluation method for web application security assessments/pentests between security auditors and final customers.

This scale does not aim at replacing other evaluation standards but suggests a simple way of evaluating the security level of a web application.

CCWAPSS focuses on rating the security level of a distinct web application, web service or e-business platform. It does not aim to score a whole heterogeneous perimeter.

11 comments:

Creator said…

We wish to use your scoring system in our pentests.
I think you should provide downloadable GIFs/PNGs of scoring icons instead of letting us cut and paste from PDF.

Good starting point, however. We'll give you some feedback on your methodology after some pentests.


Stefano Coletta said…

The formula:

Score = 10 - Σ Risks + ( Σ Excellents / Σ Risks )

is wrong because if you have Risks = 0 and Excellents = 1 you get 1/0 that is an impossible division.

I think you should put a condition:

Risks > 0 in the overall formula.

N. said…

By nature Risk is NEVER 0.
When you perform security assessment, you never say that an application / environment / vulnerability is at no risk. You say that risk is low / moderate / high. After, it's up to you to accept or reject the risk.


Sylvain Maret said…

Thanks for this good job. It gives me a good way to explain risk to my customers.

Great Job


Anonymous said…

It was certainly interesting for me to read the article. Thanks for it. I like such themes and everything connected to them. I would like to read a bit more on that blog soon.
