



Network Security Pen-Test

CCWAPSS : a Comprehensive security scoring method for web applications

Subject: CCWAPSS : a Comprehensive security scoring method for web applications
Date: Fri, 24 Aug 2007 15:47:53 +0200
Hi,

We are pleased to release our first public release of the Common Criteria Web Application Security Scoring (CCWAPSS).

This scale does not aim at replacing other evaluation standards but suggests a simple way of evaluating the security level of a web application.

Key benefits of CCWAPSS:

- Fighting against the "Gaussian" inclination using a restricted granularity that forces the auditor to give a clear-cut score (there is no medium choice).
- Offering a solution to interpretation problems between different auditors by providing 11 clear and well-documented criteria.
- The maximum score (10/10) means "compliant with Best Practices". This score could be exceeded in case of excellence (like a medical vision evaluation such as 12/10).
- Each criterion relates to a section of the OWASP Guide 3.0.


The CCWAPSS whitepaper is available in PDF format at http://ccwapss.blogspot.com/.

Contributions are welcome!

Regards, Fred.






  • CCWAPSS : a Comprehensive security scoring method for web applications, Frederic Charpentier <=