The Common Criteria Web Application Security Scoring (CCWAPSS) is a scoring scale developed by security consultants to evaluate the security level of a web application in the context of penetration tests and security assessments. The main benefit of this scoring method is that it counters the "Gaussian" inclination by using a restricted granularity that forces the auditor to give a clear-cut score (there is no medium choice).

==The 11 scoring criteria==

This scale is based on 11 documented scoring criteria, each of which is described in the OWASP project. Each criterion relates to a section of the OWASP Guide 3.0.

1 - Authentication
2 - Authorization
3 - User’s Input Sanitization
4 - Error Handling and Information leakage
5 - Passwords/PIN Complexity
6 - User’s data confidentiality
7 - Session mechanism
8 - Patch management
9 - Administration interfaces
10 - Communication security
11 - Third-Party services exposure

Excerpt source: the free encyclopedia Wikipedia.